./mage -v ci:teste2e go: downloading github.com/go-git/go-git/v5 v5.17.2 go: downloading github.com/konflux-ci/image-controller v0.0.0-20241128141349-9986c9955e05 go: downloading github.com/onsi/gomega v1.40.0 go: downloading github.com/onsi/ginkgo/v2 v2.28.3 go: downloading github.com/gofri/go-github-ratelimit v1.1.1 go: downloading golang.org/x/tools v0.44.0 go: downloading github.com/konflux-ci/application-api v0.0.0-20260312190025-5154ad273e17 go: downloading go.yaml.in/yaml/v2 v2.4.4 go: downloading golang.org/x/sync v0.20.0 go: downloading github.com/42wim/httpsig v1.2.4 go: downloading golang.org/x/crypto v0.50.0 go: downloading github.com/konflux-ci/integration-service v0.0.0-20260507101458-6e2751b24d1c go: downloading github.com/konflux-ci/release-service v0.0.0-20260130155849-48535a3e5ace go: downloading golang.org/x/term v0.42.0 go: downloading golang.org/x/net v0.53.0 go: downloading golang.org/x/sys v0.43.0 go: downloading github.com/fxamacker/cbor/v2 v2.9.1 go: downloading golang.org/x/text v0.36.0 go: downloading google.golang.org/api v0.264.0 go: downloading github.com/grpc-ecosystem/grpc-gateway/v2 v2.27.7 go: downloading github.com/go-git/go-billy/v5 v5.8.0 go: downloading golang.org/x/mod v0.35.0 Running target: CI:TestE2E I0507 23:08:50.858456 27427 magefile.go:525] setting up new custom bundle for testing... I0507 23:08:51.271474 27427 util.go:512] found credentials for image ref quay.io/redhat-appstudio-qe/test-images:pipeline-bundle-1778195331-dgna -> user: redhat-appstudio-qe+redhat_appstudio_quality Creating Tekton Bundle: - Added Pipeline: docker-build to image I0507 23:08:52.553734 27427 bundle.go:57] image digest for a new tekton bundle quay.io/redhat-appstudio-qe/test-images:pipeline-bundle-1778195331-dgna: quay.io/redhat-appstudio-qe/test-images@sha256:5e3b4539a814fd5c4ee96be6efc1e943ddec56480edf76c3e8c45c7665a022e7 I0507 23:08:52.553766 27427 magefile.go:531] To use the custom docker bundle locally, run below cmd: export CUSTOM_DOCKER_BUILD_PIPELINE_BUNDLE=quay.io/redhat-appstudio-qe/test-images:pipeline-bundle-1778195331-dgna I0507 23:08:52.553795 27427 e2e_repo.go:347] checking if repository is e2e-tests I0507 23:08:52.553803 27427 e2e_repo.go:335] multi-platform tests and require sprayproxy registering are set to TRUE exec: git "diff" "--name-status" "upstream/main..HEAD" I0507 23:08:52.557962 27427 util.go:451] The following files, go.mod, go.sum, were changed! exec: go "install" "-mod=mod" "github.com/onsi/ginkgo/v2/ginkgo" go: downloading github.com/go-task/slim-sprig/v3 v3.0.0 go: downloading github.com/google/pprof v0.0.0-20260402051712-545e8a4df936 I0507 23:08:55.939121 27427 install.go:226] cloning 'https://github.com/redhat-appstudio/infra-deployments' (ref: 'refs/heads/main', remote: 'upstream') Enumerating objects: 80613, done. Counting objects: 0% (1/174) Counting objects: 1% (2/174) Counting objects: 2% (4/174) Counting objects: 3% (6/174) Counting objects: 4% (7/174) Counting objects: 5% (9/174) Counting objects: 6% (11/174) Counting objects: 7% (13/174) Counting objects: 8% (14/174) Counting objects: 9% (16/174) Counting objects: 10% (18/174) Counting objects: 11% (20/174) Counting objects: 12% (21/174) Counting objects: 13% (23/174) Counting objects: 14% (25/174) Counting objects: 15% (27/174) Counting objects: 16% (28/174) Counting objects: 17% (30/174) Counting objects: 18% (32/174) Counting objects: 19% (34/174) Counting objects: 20% (35/174) Counting objects: 21% (37/174) Counting objects: 22% (39/174) Counting objects: 23% (41/174) Counting objects: 24% (42/174) Counting objects: 25% (44/174) Counting objects: 26% (46/174) Counting objects: 27% (47/174) Counting objects: 28% (49/174) Counting objects: 29% (51/174) Counting objects: 30% (53/174) Counting objects: 31% (54/174) Counting objects: 32% (56/174) Counting objects: 33% (58/174) Counting objects: 34% (60/174) Counting objects: 35% (61/174) Counting objects: 36% (63/174) Counting objects: 37% (65/174) Counting objects: 38% (67/174) Counting objects: 39% (68/174) Counting objects: 40% (70/174) Counting objects: 41% (72/174) Counting objects: 42% (74/174) Counting objects: 43% (75/174) Counting objects: 44% (77/174) Counting objects: 45% (79/174) Counting objects: 46% (81/174) Counting objects: 47% (82/174) Counting objects: 48% (84/174) Counting objects: 49% (86/174) Counting objects: 50% (87/174) Counting objects: 51% (89/174) Counting objects: 52% (91/174) Counting objects: 53% (93/174) Counting objects: 54% (94/174) Counting objects: 55% (96/174) Counting objects: 56% (98/174) Counting objects: 57% (100/174) Counting objects: 58% (101/174) Counting objects: 59% (103/174) Counting objects: 60% (105/174) Counting objects: 61% (107/174) Counting objects: 62% (108/174) Counting objects: 63% (110/174) Counting objects: 64% (112/174) Counting objects: 65% (114/174) Counting objects: 66% (115/174) Counting objects: 67% (117/174) Counting objects: 68% (119/174) Counting objects: 69% (121/174) Counting objects: 70% (122/174) Counting objects: 71% (124/174) Counting objects: 72% (126/174) Counting objects: 73% (128/174) Counting objects: 74% (129/174) Counting objects: 75% (131/174) Counting objects: 76% (133/174) Counting objects: 77% (134/174) Counting objects: 78% (136/174) Counting objects: 79% (138/174) Counting objects: 80% (140/174) Counting objects: 81% (141/174) Counting objects: 82% (143/174) Counting objects: 83% (145/174) Counting objects: 84% (147/174) Counting objects: 85% (148/174) Counting objects: 86% (150/174) Counting objects: 87% (152/174) Counting objects: 88% (154/174) Counting objects: 89% (155/174) Counting objects: 90% (157/174) Counting objects: 91% (159/174) Counting objects: 92% (161/174) Counting objects: 93% (162/174) Counting objects: 94% (164/174) Counting objects: 95% (166/174) Counting objects: 96% (168/174) Counting objects: 97% (169/174) Counting objects: 98% (171/174) Counting objects: 99% (173/174) Counting objects: 100% (174/174) Counting objects: 100% (174/174), done. Compressing objects: 0% (1/115) Compressing objects: 1% (2/115) Compressing objects: 2% (3/115) Compressing objects: 3% (4/115) Compressing objects: 4% (5/115) Compressing objects: 5% (6/115) Compressing objects: 6% (7/115) Compressing objects: 7% (9/115) Compressing objects: 8% (10/115) Compressing objects: 9% (11/115) Compressing objects: 10% (12/115) Compressing objects: 11% (13/115) Compressing objects: 12% (14/115) Compressing objects: 13% (15/115) Compressing objects: 14% (17/115) Compressing objects: 15% (18/115) Compressing objects: 16% (19/115) Compressing objects: 17% (20/115) Compressing objects: 18% (21/115) Compressing objects: 19% (22/115) Compressing objects: 20% (23/115) Compressing objects: 21% (25/115) Compressing objects: 22% (26/115) Compressing objects: 23% (27/115) Compressing objects: 24% (28/115) Compressing objects: 25% (29/115) Compressing objects: 26% (30/115) Compressing objects: 27% (32/115) Compressing objects: 28% (33/115) Compressing objects: 29% (34/115) Compressing objects: 30% (35/115) Compressing objects: 31% (36/115) Compressing objects: 32% (37/115) Compressing objects: 33% (38/115) Compressing objects: 34% (40/115) Compressing objects: 35% (41/115) Compressing objects: 36% (42/115) Compressing objects: 37% (43/115) Compressing objects: 38% (44/115) Compressing objects: 39% (45/115) Compressing objects: 40% (46/115) Compressing objects: 41% (48/115) Compressing objects: 42% (49/115) Compressing objects: 43% (50/115) Compressing objects: 44% (51/115) Compressing objects: 45% (52/115) Compressing objects: 46% (53/115) Compressing objects: 47% (55/115) Compressing objects: 48% (56/115) Compressing objects: 49% (57/115) Compressing objects: 50% (58/115) Compressing objects: 51% (59/115) Compressing objects: 52% (60/115) Compressing objects: 53% (61/115) Compressing objects: 54% (63/115) Compressing objects: 55% (64/115) Compressing objects: 56% (65/115) Compressing objects: 57% (66/115) Compressing objects: 58% (67/115) Compressing objects: 59% (68/115) Compressing objects: 60% (69/115) Compressing objects: 61% (71/115) Compressing objects: 62% (72/115) Compressing objects: 63% (73/115) Compressing objects: 64% (74/115) Compressing objects: 65% (75/115) Compressing objects: 66% (76/115) Compressing objects: 67% (78/115) Compressing objects: 68% (79/115) Compressing objects: 69% (80/115) Compressing objects: 70% (81/115) Compressing objects: 71% (82/115) Compressing objects: 72% (83/115) Compressing objects: 73% (84/115) Compressing objects: 74% (86/115) Compressing objects: 75% (87/115) Compressing objects: 76% (88/115) Compressing objects: 77% (89/115) Compressing objects: 78% (90/115) Compressing objects: 79% (91/115) Compressing objects: 80% (92/115) Compressing objects: 81% (94/115) Compressing objects: 82% (95/115) Compressing objects: 83% (96/115) Compressing objects: 84% (97/115) Compressing objects: 85% (98/115) Compressing objects: 86% (99/115) Compressing objects: 87% (101/115) Compressing objects: 88% (102/115) Compressing objects: 89% (103/115) Compressing objects: 90% (104/115) Compressing objects: 91% (105/115) Compressing objects: 92% (106/115) Compressing objects: 93% (107/115) Compressing objects: 94% (109/115) Compressing objects: 95% (110/115) Compressing objects: 96% (111/115) Compressing objects: 97% (112/115) Compressing objects: 98% (113/115) Compressing objects: 99% (114/115) Compressing objects: 100% (115/115) Compressing objects: 100% (115/115), done. Total 80613 (delta 101), reused 75 (delta 59), pack-reused 80439 (from 3) From https://github.com/redhat-appstudio/infra-deployments * branch main -> FETCH_HEAD Already up to date. ============================================================================= [2026-05-07 23:08:59] [STEP] Starting Konflux Cluster Bootstrap ============================================================================= [2026-05-07 23:08:59] [INFO] Mode: preview [2026-05-07 23:08:59] [INFO] Options: OBO=disabled, EAAS=disabled [2026-05-07 23:08:59] [INFO] Start time: 2026-05-07 23:08:59 UTC ============================================================================= [2026-05-07 23:08:59] [STEP] Phase 1: Deploying ArgoCD ============================================================================= ============================================================================= [2026-05-07 23:08:59] [STEP] Deploying OpenShift GitOps (ArgoCD) ============================================================================= [2026-05-07 23:08:59] [SUBSTEP] Verifying cluster-admin permissions [2026-05-07 23:08:59] [SUCCESS] User 'cluster-admin' has cluster-admin permissions [2026-05-07 23:08:59] [SUBSTEP] Installing OpenShift GitOps operator subscription clusterrole.rbac.authorization.k8s.io/appstudio-openshift-gitops-argocd-application-controller created clusterrole.rbac.authorization.k8s.io/appstudio-openshift-gitops-argocd-server created clusterrolebinding.rbac.authorization.k8s.io/appstudio-openshift-gitops-argocd-application-controller created clusterrolebinding.rbac.authorization.k8s.io/appstudio-openshift-gitops-argocd-server created subscription.operators.coreos.com/openshift-gitops-operator created [2026-05-07 23:09:00] [SUCCESS] GitOps operator subscription applied [2026-05-07 23:09:00] [SUBSTEP] Waiting for default ArgoCD project to be created [2026-05-07 23:09:00] [WAITING] Default project not yet available (5s/300s) [2026-05-07 23:09:05] [WAITING] Default project not yet available (10s/300s) [2026-05-07 23:09:10] [WAITING] Default project not yet available (15s/300s) [2026-05-07 23:09:16] [WAITING] Default project not yet available (20s/300s) [2026-05-07 23:09:21] [WAITING] Default project not yet available (25s/300s) [2026-05-07 23:09:26] [WAITING] Default project not yet available (30s/300s) [2026-05-07 23:09:32] [WAITING] Default project not yet available (35s/300s) [2026-05-07 23:09:37] [SUCCESS] Default ArgoCD project is available [2026-05-07 23:09:37] [SUBSTEP] Waiting for OpenShift GitOps route to be created [2026-05-07 23:09:37] [SUCCESS] OpenShift GitOps route is available [2026-05-07 23:09:37] [SUBSTEP] Configuring ArgoCD repo server resources and timeout argocd.argoproj.io/openshift-gitops patched [2026-05-07 23:09:37] [SUCCESS] Repo server configured: timeout=5m, cpu=100m, memory=100Mi [2026-05-07 23:09:37] [SUBSTEP] Configuring ArgoCD application controller resources argocd.argoproj.io/openshift-gitops patched [2026-05-07 23:09:38] [SUCCESS] Application controller configured: cpu=4, memory=4Gi [2026-05-07 23:09:38] [SUBSTEP] Switching ArgoCD route to re-encryption TLS argocd.argoproj.io/openshift-gitops patched [2026-05-07 23:09:38] [SUCCESS] Route TLS termination set to 'reencrypt' [2026-05-07 23:09:38] [SUBSTEP] Restarting ArgoCD server after TLS configuration change pod "openshift-gitops-server-6944966b75-xq74v" deleted [2026-05-07 23:09:39] [SUCCESS] ArgoCD server pods deleted for restart [2026-05-07 23:09:39] [SUBSTEP] Granting admin role to authenticated users [2026-05-07 23:09:39] [INFO] Note: This should be updated once proper access policy is in place argocd.argoproj.io/openshift-gitops patched [2026-05-07 23:09:39] [SUCCESS] RBAC policy set: system:authenticated -> role:admin [2026-05-07 23:09:39] [SUBSTEP] Configuring PVC health check (WaitForFirstConsumer workaround) Warning: unknown field "spec.resourceCustomizations" argocd.argoproj.io/openshift-gitops patched (no change) [2026-05-07 23:09:39] [SUCCESS] PVC health customization applied (Pending/Bound = Healthy) [2026-05-07 23:09:39] [SUBSTEP] Enabling Helm support in Kustomize builds argocd.argoproj.io/openshift-gitops patched [2026-05-07 23:09:39] [SUCCESS] Kustomize build options set: --enable-helm [2026-05-07 23:09:39] [SUBSTEP] Configuring ArgoCD to ignore aggregated roles in diff argocd.argoproj.io/openshift-gitops patched [2026-05-07 23:09:39] [SUCCESS] ignoreAggregatedRoles set to true [2026-05-07 23:09:39] [SUBSTEP] Setting ArgoCD tracking method to annotation argocd.argoproj.io/openshift-gitops patched [2026-05-07 23:09:39] [SUCCESS] Resource tracking method set to 'annotation' [2026-05-07 23:09:39] [SUBSTEP] Restarting GitOps server deployment deployment.apps/openshift-gitops-server restarted [2026-05-07 23:09:40] [SUCCESS] GitOps server restart initiated [2026-05-07 23:09:40] [INFO] Waiting for rollout to complete... Waiting for deployment "openshift-gitops-server" rollout to finish: 1 old replicas are pending termination... Waiting for deployment "openshift-gitops-server" rollout to finish: 1 old replicas are pending termination... Waiting for deployment "openshift-gitops-server" rollout to finish: 1 old replicas are pending termination... deployment "openshift-gitops-server" successfully rolled out [2026-05-07 23:10:10] [SUCCESS] GitOps server rollout complete ============================================================================= [2026-05-07 23:10:10] [STEP] ArgoCD Access Information ============================================================================= [2026-05-07 23:10:10] [INFO] ArgoCD URL: https://openshift-gitops-server-openshift-gitops.apps.rosa.kx-5c73bd6c60.cpmk.p3.openshiftapps.com [2026-05-07 23:10:10] [INFO] Authentication: Use 'Login with OpenShift' button (OpenShift credentials) [2026-05-07 23:10:10] [SUBSTEP] Verifying ArgoCD route is accessible [2026-05-07 23:10:30] [WAITING] Waiting for route to respond (5s/120s) [2026-05-07 23:10:35] [SUCCESS] ArgoCD is accessible at https://openshift-gitops-server-openshift-gitops.apps.rosa.kx-5c73bd6c60.cpmk.p3.openshiftapps.com [ARGOCD_DEPLOY_JSON] {"status":"success","url":"https://openshift-gitops-server-openshift-gitops.apps.rosa.kx-5c73bd6c60.cpmk.p3.openshiftapps.com","namespace":"openshift-gitops","auth_method":"openshift"} ============================================================================= [2026-05-07 23:10:35] [STEP] OpenShift GitOps Deployment Complete ============================================================================= ============================================================================= [2026-05-07 23:10:35] [STEP] Phase 2: Bootstrapping Host Cluster ============================================================================= [2026-05-07 23:10:35] [INFO] Bootstrapping host cluster components [2026-05-07 23:10:35] [INFO] No preview.env file found - using environment variables only [2026-05-07 23:10:35] [SUBSTEP] Configuring Quality Dashboard secrets Setting secrets for Quality Dashboard namespace/quality-dashboard created secret/quality-dashboard-secrets created [2026-05-07 23:10:39] [SUCCESS] Quality Dashboard secrets configured [2026-05-07 23:10:39] [SUBSTEP] Configuring CI Helper App secret Creating secret for CI Helper App namespace/ci-helper-app created secret/ci-helper-app-secrets created [2026-05-07 23:10:42] [SUCCESS] CI Helper App secret configured [2026-05-07 23:10:42] [SUCCESS] Host cluster bootstrap complete ============================================================================= [2026-05-07 23:10:42] [STEP] Phase 3: Bootstrapping Member Cluster ============================================================================= [2026-05-07 23:10:42] [INFO] Bootstrapping member cluster components [2026-05-07 23:10:42] [INFO] No preview.env file found - using environment variables only [2026-05-07 23:10:42] [SUBSTEP] Configuring Pipeline Service secrets Setting secrets for pipeline-service tekton-results namespace already exists, skipping creation tekton-logging namespace already exists, skipping creation namespace/product-kubearchive-logging created Creating DB secret secret/tekton-results-database created Creating S3 secret secret/tekton-results-s3 created Creating MinIO config secret/minio-storage-configuration created Creating S3 secret secret/tekton-results-s3 created Creating MinIO config MinIO config already exists, skipping creation Creating Postgres TLS certs secret/postgresql-tls created configmap/rds-root-crt created [2026-05-07 23:10:45] [SUCCESS] Pipeline Service secrets configured [2026-05-07 23:10:45] [SUBSTEP] Configuring GitHub secrets [2026-05-07 23:10:45] [INFO] GitHub token provided - creating secrets namespace/application-service created Creating a has secret from legacy token secret/has-github-token created [2026-05-07 23:10:45] [SUCCESS] GitHub secrets configured [2026-05-07 23:10:45] [SUBSTEP] Configuring Image Controller secrets [2026-05-07 23:10:45] [INFO] Quay organization: redhat-appstudio-qe Creating a secret with a token for Image Controller namespace/image-controller created secret/quaytoken created [2026-05-07 23:10:46] [SUCCESS] Image Controller secrets configured [2026-05-07 23:10:46] [SUCCESS] Member cluster bootstrap complete ============================================================================= [2026-05-07 23:10:46] [STEP] Phase 4: Bootstrapping Common Components ============================================================================= [2026-05-07 23:10:46] [INFO] Bootstrapping common cluster components [2026-05-07 23:10:46] [INFO] No preview.env file found at /tmp/tmp.72Gj3TWGe0/tmp/infra-deployments/hack/../hack/preview.env - using environment variables only [2026-05-07 23:10:46] [SUBSTEP] Configuring Docker Hub pull secret Configuring the cluster with a pull secret for Docker Hub Saved credentials for docker.io into /tmp/tmp.KTxuv4Temu secret/pull-secret data updated Saved credentials for docker.io into /tmp/tmp.KTxuv4Temu secret/docker-io-pull created [2026-05-07 23:10:47] [SUCCESS] Docker Hub pull secret configured [2026-05-07 23:10:47] [SUBSTEP] Configuring DORA metrics exporter secrets Setting secrets for Dora metrics exporter namespace/dora-metrics created secret/exporters-secret created [2026-05-07 23:10:48] [SUCCESS] DORA metrics exporter secrets configured [2026-05-07 23:10:48] [SUCCESS] Common cluster bootstrap complete ============================================================================= [2026-05-07 23:10:48] [STEP] Phase 5: Mode-Specific Deployment (preview) ============================================================================= [2026-05-07 23:10:48] [INFO] Deploying preview configuration ============================================================================= [2026-05-07 23:10:48] [STEP] Starting Konflux Preview Environment Setup ============================================================================= [2026-05-07 23:10:48] [INFO] Script: /tmp/tmp.72Gj3TWGe0/tmp/infra-deployments/hack/../hack/preview.sh [2026-05-07 23:10:48] [INFO] Options: OBO=false, GRAFANA=false, EAAS=false [2026-05-07 23:10:48] [INFO] Start time: 2026-05-07 23:10:48 UTC ============================================================================= [2026-05-07 23:10:48] [STEP] Cluster Context Information ============================================================================= [2026-05-07 23:10:49] [INFO] OpenShift Version: 4.18.9 [2026-05-07 23:10:49] [INFO] API Server: https://api.kx-5c73bd6c60.cpmk.p3.openshiftapps.com:443 [2026-05-07 23:10:49] [INFO] Cluster ID: 30260168-1211-4114-9c90-9b00c8895b51 [2026-05-07 23:10:49] [INFO] Cluster Domain: apps.rosa.kx-5c73bd6c60.cpmk.p3.openshiftapps.com [2026-05-07 23:10:49] [INFO] Total Nodes: 3 [2026-05-07 23:10:49] [INFO] - Master nodes: 0 [2026-05-07 23:10:49] [INFO] - Worker nodes: 3 [2026-05-07 23:10:49] [SUCCESS] Cluster operators: All healthy [CLUSTER_CONTEXT_JSON] {"ocp_version":"4.18.9","api_server":"https://api.kx-5c73bd6c60.cpmk.p3.openshiftapps.com:443","cluster_id":"30260168-1211-4114-9c90-9b00c8895b51","cluster_domain":"apps.rosa.kx-5c73bd6c60.cpmk.p3.openshiftapps.com","total_nodes":3,"master_nodes":0,"worker_nodes":3,"degraded_operators":0} Switched to a new branch 'preview-main-qhni' [2026-05-07 23:10:49] [SUCCESS] Git environment initialized [2026-05-07 23:10:49] [INFO] - Repository URL: https://github.com/redhat-appstudio-qe/infra-deployments.git [2026-05-07 23:10:49] [INFO] - Source branch: main [2026-05-07 23:10:49] [INFO] - Preview branch: preview-main-qhni [2026-05-07 23:10:49] [INFO] - GitHub org: redhat-appstudio-qe ============================================================================= [2026-05-07 23:10:49] [STEP] Patching ArgoCD application manifests to use fork repository ============================================================================= [2026-05-07 23:10:49] [INFO] Setting repoURL to: https://github.com/redhat-appstudio-qe/infra-deployments.git [2026-05-07 23:10:49] [INFO] Setting targetRevision to: preview-main-qhni [2026-05-07 23:10:49] [SUBSTEP] Patched: application-patch.yaml [2026-05-07 23:10:49] [SUBSTEP] Patched: application-set-patch.yaml [2026-05-07 23:10:49] [SUBSTEP] Patched: application-set-multisrc-src-1-patch.yaml [2026-05-07 23:10:49] [SUCCESS] All ArgoCD patch files updated ============================================================================= [2026-05-07 23:10:49] [STEP] Labeling cluster nodes for Konflux workloads ============================================================================= [2026-05-07 23:10:49] [INFO] Reference: https://github.com/redhat-appstudio/infra-deployments/pull/4415 [2026-05-07 23:10:50] [INFO] Found 3 nodes to label with 'konflux-ci.dev/workload=konflux-tenants' [2026-05-07 23:10:50] [SUBSTEP] Labeling node/ip-10-0-132-135.ec2.internal node/ip-10-0-132-135.ec2.internal labeled [2026-05-07 23:10:50] [SUCCESS] Successfully labeled node/ip-10-0-132-135.ec2.internal [2026-05-07 23:10:50] [SUBSTEP] Labeling node/ip-10-0-146-246.ec2.internal node/ip-10-0-146-246.ec2.internal labeled [2026-05-07 23:10:50] [SUCCESS] Successfully labeled node/ip-10-0-146-246.ec2.internal [2026-05-07 23:10:50] [SUBSTEP] Labeling node/ip-10-0-175-46.ec2.internal node/ip-10-0-175-46.ec2.internal labeled [2026-05-07 23:10:50] [SUCCESS] Successfully labeled node/ip-10-0-175-46.ec2.internal [2026-05-07 23:10:50] [SUBSTEP] Verifying labels on all nodes... [2026-05-07 23:10:50] [SUCCESS] All 3 nodes labeled and verified successfully ============================================================================= [2026-05-07 23:10:50] [STEP] Checking OCP version for Kueue compatibility ============================================================================= [2026-05-07 23:10:50] [INFO] Detected OpenShift Container Platform version: 4.18.9 (minor: 18) [2026-05-07 23:10:50] [SUCCESS] OCP version 4.18.9 meets Kueue requirements - Kueue will be deployed ============================================================================= [2026-05-07 23:10:50] [STEP] Configuring GitHub organization ============================================================================= [2026-05-07 23:10:50] [INFO] Setting GitHub org to: redhat-appstudio-qe [2026-05-07 23:10:50] [INFO] Configuring GitHub organization for Application Service (HAS) [2026-05-07 23:10:50] [INFO] - Target org: redhat-appstudio-qe [2026-05-07 23:10:50] [INFO] - Config file: /tmp/tmp.72Gj3TWGe0/tmp/infra-deployments/hack/../components/has/base/kustomization.yaml [2026-05-07 23:10:50] [SUCCESS] GitHub organization set to 'redhat-appstudio-qe' [2026-05-07 23:10:50] [SUCCESS] Verified: Configuration updated correctly [2026-05-07 23:10:50] [SUCCESS] GitHub organization configured ============================================================================= [2026-05-07 23:10:50] [STEP] Configuring Rekor server hostname ============================================================================= [2026-05-07 23:10:50] [INFO] Cluster domain: apps.rosa.kx-5c73bd6c60.cpmk.p3.openshiftapps.com [2026-05-07 23:10:50] [INFO] Rekor server hostname: rekor.apps.rosa.kx-5c73bd6c60.cpmk.p3.openshiftapps.com [2026-05-07 23:10:50] [SUCCESS] Rekor server hostname configured ============================================================================= [2026-05-07 23:10:50] [STEP] Applying service image overrides from environment variables ============================================================================= [2026-05-07 23:10:51] [INFO] No service image overrides configured - using default images ============================================================================= [2026-05-07 23:10:51] [STEP] Committing and pushing preview changes ============================================================================= [preview-main-qhni 1269d54d3] Preview mode, do not merge into main 8 files changed, 15 insertions(+), 19 deletions(-) remote: remote: Create a pull request for 'preview-main-qhni' on GitHub by visiting: remote: https://github.com/redhat-appstudio-qe/infra-deployments/pull/new/preview-main-qhni remote: To https://github.com/redhat-appstudio-qe/infra-deployments.git * [new branch] preview-main-qhni -> preview-main-qhni branch 'preview-main-qhni' set up to track 'qe/preview-main-qhni'. [2026-05-07 23:10:52] [SUCCESS] Preview changes committed and pushed to qe/preview-main-qhni ============================================================================= [2026-05-07 23:10:52] [STEP] Deploying ArgoCD applications ============================================================================= [2026-05-07 23:10:52] [SUBSTEP] Applying root Application from: /tmp/tmp.72Gj3TWGe0/tmp/infra-deployments/hack/../argo-cd-apps/app-of-app-sets/development application.argoproj.io/all-application-sets created [2026-05-07 23:10:52] [SUCCESS] Root Application 'all-application-sets' created [2026-05-07 23:10:52] [SUBSTEP] Waiting for 'all-application-sets' to become Healthy and Synced [2026-05-07 23:10:52] [WAITING] Root application status: ' ' (target: 'Healthy Synced') - 5s elapsed [2026-05-07 23:10:57] [WAITING] Root application status: ' ' (target: 'Healthy Synced') - 10s elapsed [2026-05-07 23:11:03] [WAITING] Root application status: 'Healthy OutOfSync' (target: 'Healthy Synced') - 15s elapsed [2026-05-07 23:11:08] [WAITING] Root application status: 'Healthy OutOfSync' (target: 'Healthy Synced') - 20s elapsed [2026-05-07 23:11:13] [WAITING] Root application status: 'Healthy OutOfSync' (target: 'Healthy Synced') - 25s elapsed [2026-05-07 23:11:18] [SUCCESS] Root application 'all-application-sets' is Healthy and Synced [2026-05-07 23:11:18] [SUBSTEP] Triggering hard refresh on all ArgoCD applications [2026-05-07 23:11:18] [INFO] Found 43 applications to refresh application.argoproj.io/disable-csvcopy-in-cluster-local patched application.argoproj.io/smee-client-in-cluster-local patched application.argoproj.io/dora-metrics-in-cluster-local patched application.argoproj.io/application-api-in-cluster-local patched application.argoproj.io/backup-in-cluster-local patched application.argoproj.io/mintmaker-in-cluster-local patched application.argoproj.io/kyverno-in-cluster-local patched application.argoproj.io/disaster-recovery-in-cluster-local patched application.argoproj.io/build-templates-in-cluster-local patched application.argoproj.io/image-rbac-proxy-in-cluster-local patched application.argoproj.io/has-in-cluster-local patched application.argoproj.io/image-controller-in-cluster-local patched application.argoproj.io/all-application-sets patched application.argoproj.io/crossplane-control-plane-in-cluster-local patched application.argoproj.io/tracing-workload-otel-collector-in-cluster-local patched application.argoproj.io/multi-platform-controller-in-cluster-local patched application.argoproj.io/konflux-rbac-in-cluster-local patched application.argoproj.io/release-in-cluster-local patched application.argoproj.io/tempo-in-cluster-local patched application.argoproj.io/internal-services-in-cluster-local patched application.argoproj.io/repository-validator-in-cluster-local patched application.argoproj.io/kueue-in-cluster-local patched application.argoproj.io/vector-tekton-logs-collector-in-cluster-local patched application.argoproj.io/tracing-workload-tracing-in-cluster-local patched application.argoproj.io/cert-manager-in-cluster-local patched application.argoproj.io/konflux-kite-in-cluster-local patched application.argoproj.io/monitoring-cardinality-in-cluster-local patched application.argoproj.io/konflux-info-in-cluster-local patched application.argoproj.io/kubearchive-in-cluster-local patched application.argoproj.io/trust-manager-in-cluster-local patched application.argoproj.io/monitoring-workload-prometheus-in-cluster-local patched application.argoproj.io/build-service-in-cluster-local patched application.argoproj.io/vector-kubearchive-log-collector-in-cluster-local patched (no change) application.argoproj.io/integration-in-cluster-local patched application.argoproj.io/knative-eventing-in-cluster-local patched application.argoproj.io/pipeline-service-in-cluster-local patched application.argoproj.io/squid-in-cluster-local patched application.argoproj.io/policies-in-cluster-local patched application.argoproj.io/enterprise-contract-in-cluster-local patched application.argoproj.io/monitoring-workload-custom-kube-state-metrics-in-cluster-local patched application.argoproj.io/monitoring-registry-in-cluster-local patched application.argoproj.io/project-controller-in-cluster-local patched application.argoproj.io/perf-team-prometheus-reader-in-cluster-local patched [2026-05-07 23:11:26] [SUCCESS] Hard refresh triggered on all 43 applications [2026-05-07 23:11:26] [SUBSTEP] Waiting for refresh operations to complete [2026-05-07 23:11:26] [PROGRESS] Refresh: 0/43 complete | 43 still refreshing (5s elapsed) [2026-05-07 23:11:31] [PROGRESS] Refresh: 0/43 complete | 43 still refreshing (10s elapsed) [2026-05-07 23:11:37] [PROGRESS] Refresh: 0/43 complete | 43 still refreshing (15s elapsed) [2026-05-07 23:11:42] [PROGRESS] Refresh: 3/43 complete | 40 still refreshing (20s elapsed) [2026-05-07 23:11:47] [PROGRESS] Refresh: 3/43 complete | 40 still refreshing (25s elapsed) [2026-05-07 23:11:52] [PROGRESS] Refresh: 23/43 complete | 20 still refreshing (30s elapsed) [2026-05-07 23:11:58] [PROGRESS] Refresh: 34/43 complete | 9 still refreshing (35s elapsed) [2026-05-07 23:12:03] [PROGRESS] Refresh: 37/43 complete | 6 still refreshing (40s elapsed) [2026-05-07 23:12:08] [PROGRESS] Refresh: 37/43 complete | 6 still refreshing (45s elapsed) [2026-05-07 23:12:14] [PROGRESS] Refresh: 38/43 complete | 5 still refreshing (50s elapsed) [2026-05-07 23:12:19] [PROGRESS] Refresh: 38/43 complete | 5 still refreshing (55s elapsed) [2026-05-07 23:12:24] [PROGRESS] Refresh: 39/43 complete | 4 still refreshing (60s elapsed) [2026-05-07 23:12:30] [PROGRESS] Refresh: 41/43 complete | 2 still refreshing (65s elapsed) [2026-05-07 23:12:35] [PROGRESS] Refresh: 42/43 complete | 1 still refreshing (70s elapsed) [2026-05-07 23:12:40] [PROGRESS] Refresh: 42/43 complete | 1 still refreshing (75s elapsed) [2026-05-07 23:12:46] [PROGRESS] Refresh: 42/43 complete | 1 still refreshing (80s elapsed) [2026-05-07 23:12:51] [PROGRESS] Refresh: 42/43 complete | 1 still refreshing (85s elapsed) [2026-05-07 23:12:56] [PROGRESS] Refresh: 42/43 complete | 1 still refreshing (90s elapsed) [2026-05-07 23:13:02] [PROGRESS] Refresh: 42/43 complete | 1 still refreshing (95s elapsed) [2026-05-07 23:13:07] [PROGRESS] Refresh: 42/43 complete | 1 still refreshing (100s elapsed) [2026-05-07 23:13:12] [PROGRESS] Refresh: 42/43 complete | 1 still refreshing (105s elapsed) [2026-05-07 23:13:17] [PROGRESS] Refresh: 42/43 complete | 1 still refreshing (110s elapsed) [2026-05-07 23:13:23] [PROGRESS] Refresh: 42/43 complete | 1 still refreshing (115s elapsed) [2026-05-07 23:13:28] [PROGRESS] Refresh: 42/43 complete | 1 still refreshing (120s elapsed) [2026-05-07 23:13:33] [PROGRESS] Refresh: 42/43 complete | 1 still refreshing (125s elapsed) [2026-05-07 23:13:39] [PROGRESS] Refresh: 42/43 complete | 1 still refreshing (130s elapsed) [2026-05-07 23:13:44] [PROGRESS] Refresh: 42/43 complete | 1 still refreshing (135s elapsed) [2026-05-07 23:13:50] [PROGRESS] Refresh: 42/43 complete | 1 still refreshing (140s elapsed) [2026-05-07 23:13:55] [PROGRESS] Refresh: 42/43 complete | 1 still refreshing (145s elapsed) [2026-05-07 23:14:01] [PROGRESS] Refresh: 42/43 complete | 1 still refreshing (150s elapsed) [2026-05-07 23:14:06] [PROGRESS] Refresh: 42/43 complete | 1 still refreshing (155s elapsed) [2026-05-07 23:14:11] [PROGRESS] Refresh: 42/43 complete | 1 still refreshing (160s elapsed) [2026-05-07 23:14:17] [PROGRESS] Refresh: 42/43 complete | 1 still refreshing (165s elapsed) [2026-05-07 23:14:22] [PROGRESS] Refresh: 42/43 complete | 1 still refreshing (170s elapsed) [2026-05-07 23:14:27] [PROGRESS] Refresh: 42/43 complete | 1 still refreshing (175s elapsed) [2026-05-07 23:14:33] [PROGRESS] Refresh: 42/43 complete | 1 still refreshing (180s elapsed) [2026-05-07 23:14:38] [PROGRESS] Refresh: 42/43 complete | 1 still refreshing (185s elapsed) [2026-05-07 23:14:43] [PROGRESS] Refresh: 42/43 complete | 1 still refreshing (190s elapsed) [2026-05-07 23:14:49] [PROGRESS] Refresh: 42/43 complete | 1 still refreshing (195s elapsed) [2026-05-07 23:14:54] [PROGRESS] Refresh: 42/43 complete | 1 still refreshing (200s elapsed) [2026-05-07 23:14:59] [PROGRESS] Refresh: 42/43 complete | 1 still refreshing (205s elapsed) [2026-05-07 23:15:05] [PROGRESS] Refresh: 42/43 complete | 1 still refreshing (210s elapsed) [2026-05-07 23:15:10] [PROGRESS] Refresh: 42/43 complete | 1 still refreshing (215s elapsed) [2026-05-07 23:15:15] [PROGRESS] Refresh: 42/43 complete | 1 still refreshing (220s elapsed) [2026-05-07 23:15:21] [PROGRESS] Refresh: 42/43 complete | 1 still refreshing (225s elapsed) [2026-05-07 23:15:26] [PROGRESS] Refresh: 42/43 complete | 1 still refreshing (230s elapsed) [2026-05-07 23:15:31] [PROGRESS] Refresh: 42/43 complete | 1 still refreshing (235s elapsed) [2026-05-07 23:15:38] [PROGRESS] Refresh: 42/43 complete | 1 still refreshing (240s elapsed) [2026-05-07 23:15:43] [PROGRESS] Refresh: 42/43 complete | 1 still refreshing (245s elapsed) [2026-05-07 23:15:48] [PROGRESS] Refresh: 42/43 complete | 1 still refreshing (250s elapsed) [2026-05-07 23:15:54] [PROGRESS] Refresh: 42/43 complete | 1 still refreshing (255s elapsed) [2026-05-07 23:15:59] [PROGRESS] Refresh: 42/43 complete | 1 still refreshing (260s elapsed) [2026-05-07 23:16:04] [PROGRESS] Refresh: 42/43 complete | 1 still refreshing (265s elapsed) [2026-05-07 23:16:10] [PROGRESS] Refresh: 42/43 complete | 1 still refreshing (270s elapsed) [2026-05-07 23:16:15] [PROGRESS] Refresh: 42/43 complete | 1 still refreshing (275s elapsed) [2026-05-07 23:16:21] [PROGRESS] Refresh: 42/43 complete | 1 still refreshing (280s elapsed) [2026-05-07 23:16:26] [PROGRESS] Refresh: 42/43 complete | 1 still refreshing (285s elapsed) [2026-05-07 23:16:31] [PROGRESS] Refresh: 42/43 complete | 1 still refreshing (290s elapsed) [2026-05-07 23:16:37] [PROGRESS] Refresh: 42/43 complete | 1 still refreshing (295s elapsed) [2026-05-07 23:16:42] [PROGRESS] Refresh: 42/43 complete | 1 still refreshing (300s elapsed) [2026-05-07 23:16:47] [PROGRESS] Refresh: 42/43 complete | 1 still refreshing (305s elapsed) [2026-05-07 23:16:53] [PROGRESS] Refresh: 42/43 complete | 1 still refreshing (310s elapsed) [2026-05-07 23:16:58] [PROGRESS] Refresh: 42/43 complete | 1 still refreshing (315s elapsed) [2026-05-07 23:17:03] [PROGRESS] Refresh: 42/43 complete | 1 still refreshing (320s elapsed) [2026-05-07 23:17:09] [PROGRESS] Refresh: 42/43 complete | 1 still refreshing (325s elapsed) [2026-05-07 23:17:14] [PROGRESS] Refresh: 42/43 complete | 1 still refreshing (330s elapsed) [2026-05-07 23:17:19] [PROGRESS] Refresh: 42/43 complete | 1 still refreshing (335s elapsed) [2026-05-07 23:17:25] [PROGRESS] Refresh: 42/43 complete | 1 still refreshing (340s elapsed) [2026-05-07 23:17:30] [PROGRESS] Refresh: 42/43 complete | 1 still refreshing (345s elapsed) [2026-05-07 23:17:35] [PROGRESS] Refresh: 42/43 complete | 1 still refreshing (350s elapsed) [2026-05-07 23:17:41] [PROGRESS] Refresh: 42/43 complete | 1 still refreshing (355s elapsed) [2026-05-07 23:17:46] [PROGRESS] Refresh: 42/43 complete | 1 still refreshing (360s elapsed) [2026-05-07 23:17:51] [PROGRESS] Refresh: 42/43 complete | 1 still refreshing (365s elapsed) [2026-05-07 23:17:57] [PROGRESS] Refresh: 42/43 complete | 1 still refreshing (370s elapsed) [2026-05-07 23:18:02] [PROGRESS] Refresh: 42/43 complete | 1 still refreshing (375s elapsed) [2026-05-07 23:18:07] [PROGRESS] Refresh: 42/43 complete | 1 still refreshing (380s elapsed) [2026-05-07 23:18:13] [PROGRESS] Refresh: 42/43 complete | 1 still refreshing (385s elapsed) [2026-05-07 23:18:18] [PROGRESS] Refresh: 42/43 complete | 1 still refreshing (390s elapsed) [2026-05-07 23:18:23] [PROGRESS] Refresh: 42/43 complete | 1 still refreshing (395s elapsed) [2026-05-07 23:18:29] [PROGRESS] Refresh: 42/43 complete | 1 still refreshing (400s elapsed) [2026-05-07 23:18:34] [PROGRESS] Refresh: 42/43 complete | 1 still refreshing (405s elapsed) [2026-05-07 23:18:39] [PROGRESS] Refresh: 42/43 complete | 1 still refreshing (410s elapsed) [2026-05-07 23:18:45] [PROGRESS] Refresh: 42/43 complete | 1 still refreshing (415s elapsed) [2026-05-07 23:18:50] [PROGRESS] Refresh: 42/43 complete | 1 still refreshing (420s elapsed) [2026-05-07 23:18:55] [PROGRESS] Refresh: 42/43 complete | 1 still refreshing (425s elapsed) [2026-05-07 23:19:01] [PROGRESS] Refresh: 42/43 complete | 1 still refreshing (430s elapsed) [2026-05-07 23:19:06] [PROGRESS] Refresh: 42/43 complete | 1 still refreshing (435s elapsed) [2026-05-07 23:19:11] [PROGRESS] Refresh: 42/43 complete | 1 still refreshing (440s elapsed) [2026-05-07 23:19:17] [PROGRESS] Refresh: 42/43 complete | 1 still refreshing (445s elapsed) [2026-05-07 23:19:22] [PROGRESS] Refresh: 42/43 complete | 1 still refreshing (450s elapsed) [2026-05-07 23:19:27] [PROGRESS] Refresh: 42/43 complete | 1 still refreshing (455s elapsed) [2026-05-07 23:19:33] [PROGRESS] Refresh: 42/43 complete | 1 still refreshing (460s elapsed) [2026-05-07 23:19:38] [PROGRESS] Refresh: 42/43 complete | 1 still refreshing (465s elapsed) [2026-05-07 23:19:44] [PROGRESS] Refresh: 42/43 complete | 1 still refreshing (470s elapsed) [2026-05-07 23:19:49] [PROGRESS] Refresh: 42/43 complete | 1 still refreshing (475s elapsed) [2026-05-07 23:19:55] [PROGRESS] Refresh: 42/43 complete | 1 still refreshing (480s elapsed) [2026-05-07 23:20:00] [PROGRESS] Refresh: 42/43 complete | 1 still refreshing (485s elapsed) [2026-05-07 23:20:05] [PROGRESS] Refresh: 42/43 complete | 1 still refreshing (490s elapsed) [2026-05-07 23:20:11] [PROGRESS] Refresh: 42/43 complete | 1 still refreshing (495s elapsed) [2026-05-07 23:20:16] [PROGRESS] Refresh: 42/43 complete | 1 still refreshing (500s elapsed) [2026-05-07 23:20:21] [PROGRESS] Refresh: 42/43 complete | 1 still refreshing (505s elapsed) [2026-05-07 23:20:27] [PROGRESS] Refresh: 42/43 complete | 1 still refreshing (510s elapsed) [2026-05-07 23:20:32] [PROGRESS] Refresh: 42/43 complete | 1 still refreshing (515s elapsed) [2026-05-07 23:20:37] [PROGRESS] Refresh: 42/43 complete | 1 still refreshing (520s elapsed) [2026-05-07 23:20:43] [PROGRESS] Refresh: 42/43 complete | 1 still refreshing (525s elapsed) [2026-05-07 23:20:48] [PROGRESS] Refresh: 42/43 complete | 1 still refreshing (530s elapsed) [2026-05-07 23:20:53] [PROGRESS] Refresh: 42/43 complete | 1 still refreshing (535s elapsed) [2026-05-07 23:20:59] [PROGRESS] Refresh: 42/43 complete | 1 still refreshing (540s elapsed) [2026-05-07 23:21:04] [PROGRESS] Refresh: 42/43 complete | 1 still refreshing (545s elapsed) [2026-05-07 23:21:09] [PROGRESS] Refresh: 42/43 complete | 1 still refreshing (550s elapsed) [2026-05-07 23:21:15] [SUCCESS] All 43 applications refreshed ============================================================================= [2026-05-07 23:21:15] [STEP] Waiting for all ArgoCD applications to sync and become healthy ============================================================================= [2026-05-07 23:21:15] [INFO] Timeout: 2700 seconds (45 minutes) [2026-05-07 23:21:15] [PROGRESS] Applications: 43/44 ready | 1 pending (0m 0s elapsed) [2026-05-07 23:21:15] [INFO] Pending: konflux-kite-in-cluster-local [2026-05-07 23:21:15] [WAITING] Waiting 10 seconds before next sync check... [2026-05-07 23:21:25] [PROGRESS] Applications: 43/44 ready | 1 pending (0m 10s elapsed) [2026-05-07 23:21:25] [INFO] Pending: konflux-kite-in-cluster-local [2026-05-07 23:21:25] [WAITING] Waiting 10 seconds before next sync check... [2026-05-07 23:21:35] [PROGRESS] Applications: 43/44 ready | 1 pending (0m 20s elapsed) [2026-05-07 23:21:35] [INFO] Pending: konflux-kite-in-cluster-local [2026-05-07 23:21:35] [WAITING] Waiting 10 seconds before next sync check... [2026-05-07 23:21:46] [PROGRESS] Applications: 43/44 ready | 1 pending (0m 30s elapsed) [2026-05-07 23:21:46] [INFO] Pending: konflux-kite-in-cluster-local [2026-05-07 23:21:46] [WAITING] Waiting 10 seconds before next sync check... [2026-05-07 23:21:56] [PROGRESS] Applications: 43/44 ready | 1 pending (0m 41s elapsed) [2026-05-07 23:21:56] [INFO] Pending: konflux-kite-in-cluster-local [2026-05-07 23:21:56] [WAITING] Waiting 10 seconds before next sync check... [2026-05-07 23:22:06] [PROGRESS] Applications: 43/44 ready | 1 pending (0m 51s elapsed) [2026-05-07 23:22:06] [INFO] Pending: konflux-kite-in-cluster-local [2026-05-07 23:22:06] [WAITING] Waiting 10 seconds before next sync check... [2026-05-07 23:22:16] [PROGRESS] Applications: 43/44 ready | 1 pending (1m 1s elapsed) [2026-05-07 23:22:16] [INFO] Pending: konflux-kite-in-cluster-local [2026-05-07 23:22:16] [WAITING] Waiting 10 seconds before next sync check... [2026-05-07 23:22:26] [PROGRESS] Applications: 43/44 ready | 1 pending (1m 11s elapsed) [2026-05-07 23:22:26] [INFO] Pending: konflux-kite-in-cluster-local [2026-05-07 23:22:26] [WAITING] Waiting 10 seconds before next sync check... [2026-05-07 23:22:36] [PROGRESS] Applications: 43/44 ready | 1 pending (1m 21s elapsed) [2026-05-07 23:22:36] [INFO] Pending: konflux-kite-in-cluster-local [2026-05-07 23:22:36] [WAITING] Waiting 10 seconds before next sync check... [2026-05-07 23:22:47] [PROGRESS] Applications: 43/44 ready | 1 pending (1m 31s elapsed) [2026-05-07 23:22:47] [INFO] Pending: konflux-kite-in-cluster-local [2026-05-07 23:22:47] [WAITING] Waiting 10 seconds before next sync check... [2026-05-07 23:22:57] [PROGRESS] Applications: 43/44 ready | 1 pending (1m 42s elapsed) [2026-05-07 23:22:57] [INFO] Pending: konflux-kite-in-cluster-local [2026-05-07 23:22:57] [WAITING] Waiting 10 seconds before next sync check... [2026-05-07 23:23:07] [PROGRESS] Applications: 43/44 ready | 1 pending (1m 52s elapsed) [2026-05-07 23:23:07] [INFO] Pending: konflux-kite-in-cluster-local [2026-05-07 23:23:07] [WAITING] Waiting 10 seconds before next sync check... [2026-05-07 23:23:17] [PROGRESS] Applications: 43/44 ready | 1 pending (2m 2s elapsed) [2026-05-07 23:23:17] [INFO] Pending: konflux-kite-in-cluster-local [2026-05-07 23:23:17] [SUBSTEP] Detailed status of pending applications: [2026-05-07 23:23:17] [INFO] ├─ App: konflux-kite-in-cluster-local [2026-05-07 23:23:17] [INFO] │ ├─ Sync Status: OutOfSync [2026-05-07 23:23:17] [INFO] │ ├─ Health Status: Healthy [2026-05-07 23:23:17] [INFO] │ ├─ Out-of-sync resources: 1 [2026-05-07 23:23:17] [INFO] │ └─ Message: No message [2026-05-07 23:23:17] [WAITING] Waiting 10 seconds before next sync check... [2026-05-07 23:23:28] [PROGRESS] Applications: 43/44 ready | 1 pending (2m 12s elapsed) [2026-05-07 23:23:28] [INFO] Pending: konflux-kite-in-cluster-local [2026-05-07 23:23:28] [WAITING] Waiting 10 seconds before next sync check... [2026-05-07 23:23:38] [PROGRESS] Applications: 43/44 ready | 1 pending (2m 23s elapsed) [2026-05-07 23:23:38] [INFO] Pending: konflux-kite-in-cluster-local [2026-05-07 23:23:38] [WAITING] Waiting 10 seconds before next sync check... [2026-05-07 23:23:48] [PROGRESS] Applications: 43/44 ready | 1 pending (2m 33s elapsed) [2026-05-07 23:23:48] [INFO] Pending: konflux-kite-in-cluster-local [2026-05-07 23:23:48] [WAITING] Waiting 10 seconds before next sync check... [2026-05-07 23:23:58] [PROGRESS] Applications: 43/44 ready | 1 pending (2m 43s elapsed) [2026-05-07 23:23:58] [INFO] Pending: konflux-kite-in-cluster-local [2026-05-07 23:23:58] [WAITING] Waiting 10 seconds before next sync check... [2026-05-07 23:24:08] [PROGRESS] Applications: 43/44 ready | 1 pending (2m 53s elapsed) [2026-05-07 23:24:08] [INFO] Pending: konflux-kite-in-cluster-local [2026-05-07 23:24:08] [WAITING] Waiting 10 seconds before next sync check... [2026-05-07 23:24:19] [PROGRESS] Applications: 43/44 ready | 1 pending (3m 3s elapsed) [2026-05-07 23:24:19] [INFO] Pending: konflux-kite-in-cluster-local [2026-05-07 23:24:19] [WAITING] Waiting 10 seconds before next sync check... [2026-05-07 23:24:29] [PROGRESS] Applications: 43/44 ready | 1 pending (3m 14s elapsed) [2026-05-07 23:24:29] [INFO] Pending: konflux-kite-in-cluster-local [2026-05-07 23:24:29] [WAITING] Waiting 10 seconds before next sync check... [2026-05-07 23:24:39] [PROGRESS] Applications: 43/44 ready | 1 pending (3m 24s elapsed) [2026-05-07 23:24:39] [INFO] Pending: konflux-kite-in-cluster-local [2026-05-07 23:24:39] [WAITING] Waiting 10 seconds before next sync check... [2026-05-07 23:24:49] [PROGRESS] Applications: 43/44 ready | 1 pending (3m 34s elapsed) [2026-05-07 23:24:49] [INFO] Pending: konflux-kite-in-cluster-local [2026-05-07 23:24:49] [WAITING] Waiting 10 seconds before next sync check... [2026-05-07 23:24:59] [PROGRESS] Applications: 43/44 ready | 1 pending (3m 44s elapsed) [2026-05-07 23:24:59] [INFO] Pending: konflux-kite-in-cluster-local [2026-05-07 23:24:59] [WAITING] Waiting 10 seconds before next sync check... [2026-05-07 23:25:10] [PROGRESS] Applications: 43/44 ready | 1 pending (3m 54s elapsed) [2026-05-07 23:25:10] [INFO] Pending: konflux-kite-in-cluster-local [2026-05-07 23:25:10] [WAITING] Waiting 10 seconds before next sync check... [2026-05-07 23:25:20] [PROGRESS] Applications: 43/44 ready | 1 pending (4m 5s elapsed) [2026-05-07 23:25:20] [INFO] Pending: konflux-kite-in-cluster-local [2026-05-07 23:25:20] [SUBSTEP] Detailed status of pending applications: [2026-05-07 23:25:20] [INFO] ├─ App: konflux-kite-in-cluster-local [2026-05-07 23:25:20] [INFO] │ ├─ Sync Status: OutOfSync [2026-05-07 23:25:20] [INFO] │ ├─ Health Status: Healthy [2026-05-07 23:25:20] [INFO] │ ├─ Out-of-sync resources: 1 [2026-05-07 23:25:20] [INFO] │ └─ Message: No message [2026-05-07 23:25:20] [WAITING] Waiting 10 seconds before next sync check... [2026-05-07 23:25:30] [PROGRESS] Applications: 43/44 ready | 1 pending (4m 15s elapsed) [2026-05-07 23:25:30] [INFO] Pending: konflux-kite-in-cluster-local [2026-05-07 23:25:30] [WAITING] Waiting 10 seconds before next sync check... [2026-05-07 23:25:40] [PROGRESS] Applications: 43/44 ready | 1 pending (4m 25s elapsed) [2026-05-07 23:25:40] [INFO] Pending: konflux-kite-in-cluster-local [2026-05-07 23:25:40] [WAITING] Waiting 10 seconds before next sync check... [2026-05-07 23:25:50] [PROGRESS] Applications: 43/44 ready | 1 pending (4m 35s elapsed) [2026-05-07 23:25:51] [INFO] Pending: konflux-kite-in-cluster-local [2026-05-07 23:25:51] [WAITING] Waiting 10 seconds before next sync check... [2026-05-07 23:26:01] [PROGRESS] Applications: 43/44 ready | 1 pending (4m 46s elapsed) [2026-05-07 23:26:01] [INFO] Pending: konflux-kite-in-cluster-local [2026-05-07 23:26:01] [WAITING] Waiting 10 seconds before next sync check... [2026-05-07 23:26:11] [PROGRESS] Applications: 43/44 ready | 1 pending (4m 56s elapsed) [2026-05-07 23:26:11] [INFO] Pending: konflux-kite-in-cluster-local [2026-05-07 23:26:11] [WAITING] Waiting 10 seconds before next sync check... [2026-05-07 23:26:21] [PROGRESS] Applications: 43/44 ready | 1 pending (5m 6s elapsed) [2026-05-07 23:26:21] [INFO] Pending: konflux-kite-in-cluster-local [2026-05-07 23:26:21] [WAITING] Waiting 10 seconds before next sync check... [2026-05-07 23:26:31] [PROGRESS] Applications: 43/44 ready | 1 pending (5m 16s elapsed) [2026-05-07 23:26:31] [INFO] Pending: konflux-kite-in-cluster-local [2026-05-07 23:26:31] [WAITING] Waiting 10 seconds before next sync check... [2026-05-07 23:26:41] [PROGRESS] Applications: 43/44 ready | 1 pending (5m 26s elapsed) [2026-05-07 23:26:41] [INFO] Pending: konflux-kite-in-cluster-local [2026-05-07 23:26:41] [WAITING] Waiting 10 seconds before next sync check... [2026-05-07 23:26:52] [PROGRESS] Applications: 43/44 ready | 1 pending (5m 36s elapsed) [2026-05-07 23:26:52] [INFO] Pending: konflux-kite-in-cluster-local [2026-05-07 23:26:52] [WAITING] Waiting 10 seconds before next sync check... [2026-05-07 23:27:02] [PROGRESS] Applications: 43/44 ready | 1 pending (5m 47s elapsed) [2026-05-07 23:27:02] [INFO] Pending: konflux-kite-in-cluster-local [2026-05-07 23:27:02] [WAITING] Waiting 10 seconds before next sync check... [2026-05-07 23:27:12] [PROGRESS] Applications: 43/44 ready | 1 pending (5m 57s elapsed) [2026-05-07 23:27:12] [INFO] Pending: konflux-kite-in-cluster-local [2026-05-07 23:27:12] [WAITING] Waiting 10 seconds before next sync check... [2026-05-07 23:27:22] [PROGRESS] Applications: 43/44 ready | 1 pending (6m 7s elapsed) [2026-05-07 23:27:22] [INFO] Pending: konflux-kite-in-cluster-local [2026-05-07 23:27:22] [SUBSTEP] Detailed status of pending applications: [2026-05-07 23:27:22] [INFO] ├─ App: konflux-kite-in-cluster-local [2026-05-07 23:27:22] [INFO] │ ├─ Sync Status: OutOfSync [2026-05-07 23:27:22] [INFO] │ ├─ Health Status: Healthy [2026-05-07 23:27:22] [INFO] │ ├─ Out-of-sync resources: 1 [2026-05-07 23:27:22] [INFO] │ └─ Message: No message [2026-05-07 23:27:22] [WAITING] Waiting 10 seconds before next sync check... [2026-05-07 23:27:33] [PROGRESS] Applications: 43/44 ready | 1 pending (6m 17s elapsed) [2026-05-07 23:27:33] [INFO] Pending: konflux-kite-in-cluster-local [2026-05-07 23:27:33] [WAITING] Waiting 10 seconds before next sync check... [2026-05-07 23:27:43] [PROGRESS] Applications: 43/44 ready | 1 pending (6m 28s elapsed) [2026-05-07 23:27:43] [INFO] Pending: konflux-kite-in-cluster-local [2026-05-07 23:27:43] [WAITING] Waiting 10 seconds before next sync check... [2026-05-07 23:27:53] [PROGRESS] Applications: 43/44 ready | 1 pending (6m 38s elapsed) [2026-05-07 23:27:53] [INFO] Pending: konflux-kite-in-cluster-local [2026-05-07 23:27:53] [WAITING] Waiting 10 seconds before next sync check... [2026-05-07 23:28:03] [PROGRESS] Applications: 43/44 ready | 1 pending (6m 48s elapsed) [2026-05-07 23:28:03] [INFO] Pending: konflux-kite-in-cluster-local [2026-05-07 23:28:03] [WAITING] Waiting 10 seconds before next sync check... [2026-05-07 23:28:13] [PROGRESS] Applications: 43/44 ready | 1 pending (6m 58s elapsed) [2026-05-07 23:28:13] [INFO] Pending: konflux-kite-in-cluster-local [2026-05-07 23:28:13] [WAITING] Waiting 10 seconds before next sync check... [2026-05-07 23:28:24] [PROGRESS] Applications: 43/44 ready | 1 pending (7m 8s elapsed) [2026-05-07 23:28:24] [INFO] Pending: konflux-kite-in-cluster-local [2026-05-07 23:28:24] [WAITING] Waiting 10 seconds before next sync check... [2026-05-07 23:28:34] [PROGRESS] Applications: 43/44 ready | 1 pending (7m 19s elapsed) [2026-05-07 23:28:34] [INFO] Pending: konflux-kite-in-cluster-local [2026-05-07 23:28:34] [WAITING] Waiting 10 seconds before next sync check... [2026-05-07 23:28:44] [PROGRESS] Applications: 43/44 ready | 1 pending (7m 29s elapsed) [2026-05-07 23:28:44] [INFO] Pending: konflux-kite-in-cluster-local [2026-05-07 23:28:44] [WAITING] Waiting 10 seconds before next sync check... [2026-05-07 23:28:54] [PROGRESS] Applications: 43/44 ready | 1 pending (7m 39s elapsed) [2026-05-07 23:28:54] [INFO] Pending: konflux-kite-in-cluster-local [2026-05-07 23:28:54] [WAITING] Waiting 10 seconds before next sync check... [2026-05-07 23:29:04] [PROGRESS] Applications: 43/44 ready | 1 pending (7m 49s elapsed) [2026-05-07 23:29:04] [INFO] Pending: konflux-kite-in-cluster-local [2026-05-07 23:29:04] [WAITING] Waiting 10 seconds before next sync check... [2026-05-07 23:29:15] [PROGRESS] Applications: 43/44 ready | 1 pending (7m 59s elapsed) [2026-05-07 23:29:15] [INFO] Pending: konflux-kite-in-cluster-local [2026-05-07 23:29:15] [WAITING] Waiting 10 seconds before next sync check... [2026-05-07 23:29:25] [PROGRESS] Applications: 43/44 ready | 1 pending (8m 10s elapsed) [2026-05-07 23:29:25] [INFO] Pending: konflux-kite-in-cluster-local [2026-05-07 23:29:25] [SUBSTEP] Detailed status of pending applications: [2026-05-07 23:29:25] [INFO] ├─ App: konflux-kite-in-cluster-local [2026-05-07 23:29:25] [INFO] │ ├─ Sync Status: OutOfSync [2026-05-07 23:29:25] [INFO] │ ├─ Health Status: Healthy [2026-05-07 23:29:25] [INFO] │ ├─ Out-of-sync resources: 1 [2026-05-07 23:29:25] [INFO] │ └─ Message: No message [2026-05-07 23:29:25] [WAITING] Waiting 10 seconds before next sync check... [2026-05-07 23:29:35] [PROGRESS] Applications: 44/44 ready | 0 pending (8m 20s elapsed) [2026-05-07 23:29:35] [SUCCESS] All 44 ArgoCD applications are Synced and Healthy in 8m 20s ============================================================================= [2026-05-07 23:29:35] [STEP] Waiting for Tekton components to be ready ============================================================================= [2026-05-07 23:29:35] [INFO] Reference: https://tekton.dev/docs/operator/tektonconfig/#tekton-config [2026-05-07 23:29:35] [INFO] Timeout: 900 seconds (15 minutes) [2026-05-07 23:29:35] [PROGRESS] Tekton readiness check iteration 1: status=True (0m 0s elapsed) [2026-05-07 23:29:35] [SUCCESS] All Tekton components are installed and ready in 0m 0s ============================================================================= [2026-05-07 23:29:35] [STEP] Waiting for Tekton CRDs to be available ============================================================================= [2026-05-07 23:29:35] [PROGRESS] Tekton CRD check attempt 1/5 [2026-05-07 23:29:35] [SUCCESS] All required Tekton CRDs are available: pipelines tasks pipelineruns taskruns ============================================================================= [2026-05-07 23:29:35] [STEP] Configuring Pipelines as Code integration ============================================================================= [2026-05-07 23:29:35] [INFO] ============================================================================= [2026-05-07 23:29:35] [INFO] Pipelines as Code (PAC) Integration Setup [2026-05-07 23:29:35] [INFO] ============================================================================= [2026-05-07 23:29:35] [INFO] PAC Namespace: openshift-pipelines [2026-05-07 23:29:35] [INFO] PAC Secret Name: pipelines-as-code-secret [2026-05-07 23:29:35] [INFO] Integration Namespace: integration-service [2026-05-07 23:29:35] [INFO] Authentication method: GitHub App [2026-05-07 23:29:35] [INFO] - GitHub App ID: 310332 [2026-05-07 23:29:35] [INFO] Using existing QE sprayproxy configuration (webhook secret provided) [2026-05-07 23:29:35] [SUCCESS] GitHub App credentials configured [2026-05-07 23:29:35] [INFO] GitHub token provided via MY_GITHUB_TOKEN (fallback) [2026-05-07 23:29:35] [DEBUG] No GitLab token provided (PAC_GITLAB_TOKEN not set) [2026-05-07 23:29:35] [INFO] Creating required namespaces [2026-05-07 23:29:35] [SUBSTEP] Ensuring namespace 'openshift-pipelines' exists [2026-05-07 23:29:36] [DEBUG] Namespace 'openshift-pipelines' already exists [2026-05-07 23:29:36] [SUBSTEP] Ensuring namespace 'build-service' exists [2026-05-07 23:29:36] [DEBUG] Namespace 'build-service' already exists [2026-05-07 23:29:36] [SUBSTEP] Ensuring namespace 'integration-service' exists [2026-05-07 23:29:36] [DEBUG] Namespace 'integration-service' already exists [2026-05-07 23:29:36] [INFO] Configuring PAC secrets across namespaces [2026-05-07 23:29:36] [SUBSTEP] Creating PAC secret in namespace 'openshift-pipelines' secret/pipelines-as-code-secret created [2026-05-07 23:29:37] [SUCCESS] PAC secret configured in 'openshift-pipelines' [2026-05-07 23:29:37] [SUBSTEP] Creating PAC secret in namespace 'build-service' secret/pipelines-as-code-secret created [2026-05-07 23:29:37] [SUCCESS] PAC secret configured in 'build-service' [2026-05-07 23:29:37] [SUBSTEP] Creating PAC secret in namespace 'integration-service' secret/pipelines-as-code-secret created [2026-05-07 23:29:38] [SUCCESS] PAC secret configured in 'integration-service' [2026-05-07 23:29:38] [SUBSTEP] Creating PAC secret in namespace 'mintmaker' secret/pipelines-as-code-secret created [2026-05-07 23:29:39] [SUCCESS] PAC secret configured in 'mintmaker' [2026-05-07 23:29:39] [INFO] ============================================================================= [2026-05-07 23:29:39] [SUCCESS] PAC Integration Setup Complete [2026-05-07 23:29:39] [INFO] ============================================================================= [2026-05-07 23:29:39] [INFO] Configured namespaces: [2026-05-07 23:29:39] [INFO] - openshift-pipelines (PAC controller) [2026-05-07 23:29:39] [INFO] - build-service (Build Service) [2026-05-07 23:29:39] [INFO] - integration-service (Integration Service) [2026-05-07 23:29:39] [INFO] - mintmaker (Mintmaker) [PAC_SETUP_JSON] {"status":"success","namespaces":["openshift-pipelines","build-service","integration-service","mintmaker"],"github_app_configured":true,"github_token_configured":true,"gitlab_token_configured":false} [2026-05-07 23:29:39] [SUCCESS] Pipelines as Code configured ============================================================================= [2026-05-07 23:29:39] [STEP] Preview Environment Setup Complete ============================================================================= [2026-05-07 23:29:39] [SUCCESS] Konflux preview environment is ready! [2026-05-07 23:29:39] [INFO] - Fork: https://github.com/redhat-appstudio-qe/infra-deployments.git [2026-05-07 23:29:39] [INFO] - Branch: preview-main-qhni [2026-05-07 23:29:39] [INFO] - GitHub Org: redhat-appstudio-qe [2026-05-07 23:29:39] [INFO] - OpenShift Version: 4.18.9 [2026-05-07 23:29:39] [INFO] - End time: 2026-05-07 23:29:39 UTC ============================================================================= [2026-05-07 23:29:39] [STEP] Execution Summary ============================================================================= [2026-05-07 23:29:39] [SUCCESS] Status: SUCCESS [2026-05-07 23:29:39] [INFO] Total Execution Time: 18m 51s (1131 seconds) [2026-05-07 23:29:39] [INFO] Applications Deployed: 44 [EXECUTION_SUMMARY_JSON] {"status":"success","total_time_seconds":1131,"apps_deployed":44,"ocp_version":"4.18.9","preview_branch":"preview-main-qhni","git_repo":"https://github.com/redhat-appstudio-qe/infra-deployments.git"} Switched to branch 'main' Your branch is up to date with 'upstream/main'. ============================================================================= [2026-05-07 23:29:39] [STEP] Cluster Bootstrap Complete ============================================================================= [2026-05-07 23:29:39] [SUCCESS] Konflux cluster bootstrap finished successfully [2026-05-07 23:29:39] [INFO] - Mode: preview [2026-05-07 23:29:39] [INFO] - Total time: 20m 40s [2026-05-07 23:29:39] [INFO] - End time: 2026-05-07 23:29:39 UTC [BOOTSTRAP_SUMMARY_JSON] {"status":"success","mode":"preview","obo_enabled":false,"eaas_enabled":false,"total_time_seconds":1240} [controller-runtime] log.SetLogger(...) was never called; logs will not be displayed. Detected at: > goroutine 135 [running]: > runtime/debug.Stack() > /usr/lib/golang/src/runtime/debug/stack.go:26 +0x5e > sigs.k8s.io/controller-runtime/pkg/log.eventuallyFulfillRoot() > /opt/app-root/src/go/pkg/mod/sigs.k8s.io/controller-runtime@v0.20.2/pkg/log/log.go:60 +0xcd > sigs.k8s.io/controller-runtime/pkg/log.(*delegatingLogSink).WithName(0xc00012c000, {0x355cda5, 0x14}) > /opt/app-root/src/go/pkg/mod/sigs.k8s.io/controller-runtime@v0.20.2/pkg/log/deleg.go:147 +0x3e > github.com/go-logr/logr.Logger.WithName({{0x3c750b8, 0xc00012c000}, 0x0}, {0x355cda5?, 0x0?}) > /opt/app-root/src/go/pkg/mod/github.com/go-logr/logr@v1.4.3/logr.go:345 +0x36 > sigs.k8s.io/controller-runtime/pkg/client.newClient(0x1?, {0x0, 0xc0000311f0, {0x0, 0x0}, 0x0, 0x0}) > /opt/app-root/src/go/pkg/mod/sigs.k8s.io/controller-runtime@v0.20.2/pkg/client/client.go:118 +0xdb > sigs.k8s.io/controller-runtime/pkg/client.New(0xc000874008?, {0x0, 0xc0000311f0, {0x0, 0x0}, 0x0, 0x0}) > /opt/app-root/src/go/pkg/mod/sigs.k8s.io/controller-runtime@v0.20.2/pkg/client/client.go:98 +0x4d > github.com/konflux-ci/e2e-tests/pkg/clients/kubernetes.NewAdminKubernetesClient() > /tmp/tmp.72Gj3TWGe0/pkg/clients/kubernetes/client.go:159 +0x8f > github.com/konflux-ci/e2e-tests/pkg/clients/sprayproxy.GetPaCHost() > /tmp/tmp.72Gj3TWGe0/pkg/clients/sprayproxy/sprayproxy.go:93 +0x1c > github.com/konflux-ci/e2e-tests/magefiles/rulesengine/repos.registerPacServer() > /tmp/tmp.72Gj3TWGe0/magefiles/rulesengine/repos/common.go:421 +0x78 > github.com/konflux-ci/e2e-tests/magefiles/rulesengine/repos.init.func8(0xc00032af08?) > /tmp/tmp.72Gj3TWGe0/magefiles/rulesengine/repos/common.go:373 +0x25 > github.com/konflux-ci/e2e-tests/magefiles/rulesengine.ActionFunc.Execute(0xc?, 0x3537388?) > /tmp/tmp.72Gj3TWGe0/magefiles/rulesengine/types.go:279 +0x19 > github.com/konflux-ci/e2e-tests/magefiles/rulesengine.(*Rule).Apply(...) > /tmp/tmp.72Gj3TWGe0/magefiles/rulesengine/types.go:315 > github.com/konflux-ci/e2e-tests/magefiles/rulesengine.(*Rule).Check(0x5c34e80, 0xc00032af08) > /tmp/tmp.72Gj3TWGe0/magefiles/rulesengine/types.go:348 +0xb3 > github.com/konflux-ci/e2e-tests/magefiles/rulesengine.All.Check({0x5c2d1c0?, 0xc00150fbd8?, 0x24113f9?}, 0xc00032af08) > /tmp/tmp.72Gj3TWGe0/magefiles/rulesengine/types.go:245 +0x4f > github.com/konflux-ci/e2e-tests/magefiles/rulesengine.(*Rule).Eval(...) > /tmp/tmp.72Gj3TWGe0/magefiles/rulesengine/types.go:308 > github.com/konflux-ci/e2e-tests/magefiles/rulesengine.(*Rule).Check(0x5c34f40, 0xc00032af08) > /tmp/tmp.72Gj3TWGe0/magefiles/rulesengine/types.go:340 +0x2b > github.com/konflux-ci/e2e-tests/magefiles/rulesengine.All.Check({0x5c36bc0?, 0x2?, 0xc0000368c0?}, 0xc00032af08) > /tmp/tmp.72Gj3TWGe0/magefiles/rulesengine/types.go:245 +0x4f > github.com/konflux-ci/e2e-tests/magefiles/rulesengine.(*Rule).Eval(...) > /tmp/tmp.72Gj3TWGe0/magefiles/rulesengine/types.go:308 > github.com/konflux-ci/e2e-tests/magefiles/rulesengine.(*RuleEngine).runLoadedCatalog(0x5c65dd0, {0xc000440a08?, 0xc000a0fe60?, 0x3587c5c?}, 0xc00032af08) > /tmp/tmp.72Gj3TWGe0/magefiles/rulesengine/types.go:129 +0x11f > github.com/konflux-ci/e2e-tests/magefiles/rulesengine.(*RuleEngine).RunRulesOfCategory(0x5c65dd0, {0x3531522, 0x2}, 0xc00032af08) > /tmp/tmp.72Gj3TWGe0/magefiles/rulesengine/types.go:121 +0x1b4 > main.CI.TestE2E({}) > /tmp/tmp.72Gj3TWGe0/magefiles/magefile.go:330 +0x18a > main.main.func20({0xc00038ee00?, 0xc000097208?}) > /tmp/tmp.72Gj3TWGe0/magefiles/mage_output_file.go:888 +0xf > main.main.func12.1() > /tmp/tmp.72Gj3TWGe0/magefiles/mage_output_file.go:306 +0x5b > created by main.main.func12 in goroutine 1 > /tmp/tmp.72Gj3TWGe0/magefiles/mage_output_file.go:301 +0xbe I0507 23:29:39.429865 27427 common.go:429] Registered PaC server: https://pipelines-as-code-controller-openshift-pipelines.apps.rosa.kx-5c73bd6c60.cpmk.p3.openshiftapps.com I0507 23:29:39.495574 27427 common.go:454] The PaC servers registered in Sprayproxy: https://pipelines-as-code-controller-openshift-pipelines.apps.rosa.kx-84e8778f97.m40g.p3.openshiftapps.com, https://pipelines-as-code-controller-openshift-pipelines.apps.konflux-4-18-us-west-2-69skt.konflux-qe.devcluster.openshift.com, https://pipelines-as-code-controller-openshift-pipelines.apps.rosa.kx-30be073cb5.8zf5.p3.openshiftapps.com, https://pipelines-as-code-controller-openshift-pipelines.apps.rosa.kx-5c73bd6c60.cpmk.p3.openshiftapps.com, https://pipelines-as-code-controller-openshift-pipelines.apps.rosa.kx-b992765737.6lwj.p3.openshiftapps.com, https://pipelines-as-code-controller-openshift-pipelines.apps.rosa.kx-580c3d7536.4331.p3.openshiftapps.com I0507 23:29:39.495589 27427 common.go:470] going to create new Tekton bundle remote-build for the purpose of testing multi-platform-controller PR I0507 23:29:39.798727 27427 common.go:511] Found current task ref quay.io/konflux-ci/tekton-catalog/task-buildah:0.9@sha256:62f09c50d552eac57e17638c67e88b0982352a71975858c8ba262bcff293de06 I0507 23:29:39.802335 27427 util.go:512] found credentials for image ref quay.io/redhat-appstudio-qe/test-images:pipeline-bundle-1778196579-zamh -> user: redhat-appstudio-qe+redhat_appstudio_quality Creating Tekton Bundle: - Added Pipeline: buildah-remote-pipeline to image I0507 23:29:41.440326 27427 bundle.go:57] image digest for a new tekton bundle quay.io/redhat-appstudio-qe/test-images:pipeline-bundle-1778196579-zamh: quay.io/redhat-appstudio-qe/test-images@sha256:1cde32ddaa402df261c015fcffde6bcef1dedbbd61cd3bfe7ea7d7bbc29b6b3b I0507 23:29:41.440344 27427 common.go:537] SETTING ENV VAR CUSTOM_BUILDAH_REMOTE_PIPELINE_BUILD_BUNDLE_ARM64 to value quay.io/redhat-appstudio-qe/test-images:pipeline-bundle-1778196579-zamh I0507 23:29:41.693567 27427 common.go:511] Found current task ref quay.io/konflux-ci/tekton-catalog/task-buildah:0.9@sha256:62f09c50d552eac57e17638c67e88b0982352a71975858c8ba262bcff293de06 I0507 23:29:41.695521 27427 util.go:512] found credentials for image ref quay.io/redhat-appstudio-qe/test-images:pipeline-bundle-1778196581-sqfq -> user: redhat-appstudio-qe+redhat_appstudio_quality Creating Tekton Bundle: - Added Pipeline: buildah-remote-pipeline to image I0507 23:29:42.743393 27427 bundle.go:57] image digest for a new tekton bundle quay.io/redhat-appstudio-qe/test-images:pipeline-bundle-1778196581-sqfq: quay.io/redhat-appstudio-qe/test-images@sha256:fdef25ffc244c4b559c7bfbc2668f5313c67c3d95b4ab582f066fc5daaddff32 I0507 23:29:42.743413 27427 common.go:537] SETTING ENV VAR CUSTOM_BUILDAH_REMOTE_PIPELINE_BUILD_BUNDLE_S390X to value quay.io/redhat-appstudio-qe/test-images:pipeline-bundle-1778196581-sqfq I0507 23:29:42.932370 27427 common.go:511] Found current task ref quay.io/konflux-ci/tekton-catalog/task-buildah:0.9@sha256:62f09c50d552eac57e17638c67e88b0982352a71975858c8ba262bcff293de06 I0507 23:29:42.934427 27427 util.go:512] found credentials for image ref quay.io/redhat-appstudio-qe/test-images:pipeline-bundle-1778196582-sohm -> user: redhat-appstudio-qe+redhat_appstudio_quality Creating Tekton Bundle: - Added Pipeline: buildah-remote-pipeline to image I0507 23:29:44.228563 27427 bundle.go:57] image digest for a new tekton bundle quay.io/redhat-appstudio-qe/test-images:pipeline-bundle-1778196582-sohm: quay.io/redhat-appstudio-qe/test-images@sha256:069058fc3e6992b74dcbe91fd20d3e1fc29e2a9bee3899102ec9412f0a4a2eae I0507 23:29:44.228598 27427 common.go:537] SETTING ENV VAR CUSTOM_BUILDAH_REMOTE_PIPELINE_BUILD_BUNDLE_PPC64LE to value quay.io/redhat-appstudio-qe/test-images:pipeline-bundle-1778196582-sohm exec: ginkgo "--seed=1778195330" "--timeout=1h30m0s" "--grace-period=30s" "--output-interceptor-mode=none" "--no-color" "--json-report=e2e-report.json" "--junit-report=e2e-report.xml" "--procs=20" "--nodes=20" "--p" "--output-dir=/workspace/artifact-dir" "./cmd" "--" go: downloading github.com/konflux-ci/build-service v0.0.0-20240611083846-2dee6cfe6fe4 go: downloading github.com/minio/minio-go/v7 v7.0.99 go: downloading github.com/IBM/go-sdk-core/v5 v5.15.3 go: downloading github.com/IBM/vpc-go-sdk v0.48.0 go: downloading github.com/aws/aws-sdk-go-v2 v1.41.3 go: downloading github.com/aws/aws-sdk-go-v2/config v1.32.5 go: downloading github.com/aws/aws-sdk-go-v2/service/ec2 v1.143.0 go: downloading github.com/go-ini/ini v1.67.0 go: downloading github.com/dustin/go-humanize v1.0.1 go: downloading github.com/minio/md5-simd v1.1.2 go: downloading github.com/klauspost/crc32 v1.3.0 go: downloading github.com/minio/crc64nvme v1.1.1 go: downloading github.com/tinylib/msgp v1.6.1 go: downloading github.com/rs/xid v1.6.0 go: downloading github.com/aws/smithy-go v1.24.2 go: downloading github.com/aws/aws-sdk-go-v2/credentials v1.19.5 go: downloading github.com/aws/aws-sdk-go-v2/service/signin v1.0.4 go: downloading github.com/aws/aws-sdk-go-v2/service/ssooidc v1.35.12 go: downloading github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.18.16 go: downloading github.com/aws/aws-sdk-go-v2/internal/ini v1.8.4 go: downloading github.com/aws/aws-sdk-go-v2/service/sts v1.41.5 go: downloading github.com/aws/aws-sdk-go-v2/service/sso v1.30.7 go: downloading github.com/aws/aws-sdk-go-v2/internal/configsources v1.4.19 go: downloading github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.7.19 go: downloading github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.13.6 go: downloading github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.13.19 go: downloading github.com/philhofer/fwd v1.2.0 go: downloading github.com/go-playground/validator/v10 v10.17.0 go: downloading github.com/go-openapi/strfmt v0.25.0 go: downloading go.mongodb.org/mongo-driver v1.17.9 go: downloading github.com/go-openapi/errors v0.22.7 go: downloading github.com/oklog/ulid v1.3.1 go: downloading github.com/go-viper/mapstructure/v2 v2.4.0 go: downloading github.com/google/go-github/v45 v45.2.0 go: downloading github.com/jmespath/go-jmespath v0.4.1-0.20220621161143-b0104c826a24 go: downloading github.com/leodido/go-urn v1.3.0 go: downloading github.com/gabriel-vasile/mimetype v1.4.3 go: downloading github.com/go-playground/universal-translator v0.18.1 go: downloading github.com/go-playground/locales v0.14.1 Running Suite: Red Hat App Studio E2E tests - /tmp/tmp.72Gj3TWGe0/cmd ===================================================================== Random Seed: 1778195330 Will run 381 of 469 specs Running in parallel across 20 processes ------------------------------ P [PENDING] [release-pipelines-suite e2e tests for rhtap-service-push pipeline] Rhtap-service-push happy path Post-release verification verifies if the release CR is created [release-pipelines, rhtap-service-push, RhtapServicePush] /tmp/tmp.72Gj3TWGe0/tests/release/pipelines/rhtap_service_push.go:150 ------------------------------ P [PENDING] [release-pipelines-suite FBC e2e-tests] with FBC happy path Post-release verification creates component from git source https://github.com/redhat-appstudio-qe/fbc-sample-repo-test [release-pipelines, fbc-release, fbcHappyPath] /tmp/tmp.72Gj3TWGe0/tests/release/pipelines/fbc_release.go:123 ------------------------------ P [PENDING] [release-pipelines-suite e2e tests for rhtap-service-push pipeline] Rhtap-service-push happy path Post-release verification verifies the rhtap release pipelinerun is running and succeeds [release-pipelines, rhtap-service-push, RhtapServicePush] /tmp/tmp.72Gj3TWGe0/tests/release/pipelines/rhtap_service_push.go:160 ------------------------------ P [PENDING] [release-pipelines-suite FBC e2e-tests] with FBC happy path Post-release verification Creates a push snapshot for a release [release-pipelines, fbc-release, fbcHappyPath] /tmp/tmp.72Gj3TWGe0/tests/release/pipelines/fbc_release.go:128 ------------------------------ P [PENDING] [release-pipelines-suite e2e tests for rhtap-service-push pipeline] Rhtap-service-push happy path Post-release verification verifies release CR completed and set succeeded. [release-pipelines, rhtap-service-push, RhtapServicePush] /tmp/tmp.72Gj3TWGe0/tests/release/pipelines/rhtap_service_push.go:190 ------------------------------ P [PENDING] [release-pipelines-suite e2e tests for rhtap-service-push pipeline] Rhtap-service-push happy path Post-release verification verifies if the PR in infra-deployments repo is created/updated [release-pipelines, rhtap-service-push, RhtapServicePush] /tmp/tmp.72Gj3TWGe0/tests/release/pipelines/rhtap_service_push.go:200 ------------------------------ P [PENDING] [release-pipelines-suite FBC e2e-tests] with FBC happy path Post-release verification verifies the fbc release pipelinerun is running and succeeds [release-pipelines, fbc-release, fbcHappyPath] /tmp/tmp.72Gj3TWGe0/tests/release/pipelines/fbc_release.go:132 ------------------------------ P [PENDING] [release-pipelines-suite FBC e2e-tests] with FBC happy path Post-release verification verifies release CR completed and set succeeded. [release-pipelines, fbc-release, fbcHappyPath] /tmp/tmp.72Gj3TWGe0/tests/release/pipelines/fbc_release.go:136 ------------------------------ P [PENDING] [release-pipelines-suite FBC e2e-tests] with FBC Staged Index Post-release verification creates component from git source https://github.com/redhat-appstudio-qe/fbc-sample-repo-test [release-pipelines, fbc-release, fbcStagedIndex] /tmp/tmp.72Gj3TWGe0/tests/release/pipelines/fbc_release.go:178 ------------------------------ P [PENDING] [release-pipelines-suite e2e tests for release-to-github pipeline] Release-to-github happy path Post-release verification verifies if release CR is created [release-pipelines, release-to-github, releaseToGithub] /tmp/tmp.72Gj3TWGe0/tests/release/pipelines/release_to_github.go:138 ------------------------------ P [PENDING] [release-pipelines-suite FBC e2e-tests] with FBC Staged Index Post-release verification Creates a push snapshot for a release [release-pipelines, fbc-release, fbcStagedIndex] /tmp/tmp.72Gj3TWGe0/tests/release/pipelines/fbc_release.go:183 ------------------------------ P [PENDING] [release-pipelines-suite FBC e2e-tests] with FBC Staged Index Post-release verification verifies the fbc release pipelinerun is running and succeeds [release-pipelines, fbc-release, fbcStagedIndex] /tmp/tmp.72Gj3TWGe0/tests/release/pipelines/fbc_release.go:187 ------------------------------ P [PENDING] [release-pipelines-suite e2e tests for release-to-github pipeline] Release-to-github happy path Post-release verification verifies the release pipelinerun is running and succeeds [release-pipelines, release-to-github, releaseToGithub] /tmp/tmp.72Gj3TWGe0/tests/release/pipelines/release_to_github.go:148 ------------------------------ P [PENDING] [release-pipelines-suite FBC e2e-tests] with FBC Staged Index Post-release verification verifies release CR completed and set succeeded. [release-pipelines, fbc-release, fbcStagedIndex] /tmp/tmp.72Gj3TWGe0/tests/release/pipelines/fbc_release.go:191 ------------------------------ P [PENDING] [release-pipelines-suite FBC e2e-tests] with FBC hotfix process FBC hotfix post-release verification creates component from git source https://github.com/redhat-appstudio-qe/fbc-sample-repo-test [release-pipelines, fbc-release, fbcHotfix] /tmp/tmp.72Gj3TWGe0/tests/release/pipelines/fbc_release.go:233 ------------------------------ P [PENDING] [release-pipelines-suite e2e tests for release-to-github pipeline] Release-to-github happy path Post-release verification verifies release CR completed and set succeeded. [release-pipelines, release-to-github, releaseToGithub] /tmp/tmp.72Gj3TWGe0/tests/release/pipelines/release_to_github.go:181 ------------------------------ P [PENDING] [release-pipelines-suite e2e tests for release-to-github pipeline] Release-to-github happy path Post-release verification verifies if the Release exists in github repo [release-pipelines, release-to-github, releaseToGithub] /tmp/tmp.72Gj3TWGe0/tests/release/pipelines/release_to_github.go:192 ------------------------------ P [PENDING] [release-pipelines-suite FBC e2e-tests] with FBC hotfix process FBC hotfix post-release verification Creates a push snapshot for a release [release-pipelines, fbc-release, fbcHotfix] /tmp/tmp.72Gj3TWGe0/tests/release/pipelines/fbc_release.go:238 ------------------------------ P [PENDING] [release-pipelines-suite FBC e2e-tests] with FBC hotfix process FBC hotfix post-release verification verifies the fbc release pipelinerun is running and succeeds [release-pipelines, fbc-release, fbcHotfix] /tmp/tmp.72Gj3TWGe0/tests/release/pipelines/fbc_release.go:242 ------------------------------ P [PENDING] [release-pipelines-suite e2e tests for rh-push-to-redhat-io pipeline] Rh-push-to-redhat-io happy path Post-release verification verifies if the release CR is created [release-pipelines, rh-push-to-registry-redhat-io, PushToRedhatIO] /tmp/tmp.72Gj3TWGe0/tests/release/pipelines/rh_push_to_registry_redhat_io.go:108 ------------------------------ P [PENDING] [release-pipelines-suite e2e tests for rh-push-to-redhat-io pipeline] Rh-push-to-redhat-io happy path Post-release verification verifies the rhio release pipelinerun is running and succeeds [release-pipelines, rh-push-to-registry-redhat-io, PushToRedhatIO] /tmp/tmp.72Gj3TWGe0/tests/release/pipelines/rh_push_to_registry_redhat_io.go:118 ------------------------------ P [PENDING] [release-pipelines-suite FBC e2e-tests] with FBC hotfix process FBC hotfix post-release verification verifies release CR completed and set succeeded. [release-pipelines, fbc-release, fbcHotfix] /tmp/tmp.72Gj3TWGe0/tests/release/pipelines/fbc_release.go:246 ------------------------------ P [PENDING] [release-pipelines-suite [HACBS-1571]test-release-e2e-push-image-to-pyxis] Post-release verification tests that Release CR is created for the Snapshot [release-pipelines, rh-push-to-external-registry] /tmp/tmp.72Gj3TWGe0/tests/release/pipelines/rh_push_to_external_registry.go:215 ------------------------------ P [PENDING] [release-pipelines-suite FBC e2e-tests] with FBC pre-GA process FBC pre-GA post-release verification creates component from git source https://github.com/redhat-appstudio-qe/fbc-sample-repo-test [release-pipelines, fbc-release, fbcPreGA] /tmp/tmp.72Gj3TWGe0/tests/release/pipelines/fbc_release.go:286 ------------------------------ P [PENDING] [release-pipelines-suite e2e tests for rh-push-to-redhat-io pipeline] Rh-push-to-redhat-io happy path Post-release verification verifies release CR completed and set succeeded. [release-pipelines, rh-push-to-registry-redhat-io, PushToRedhatIO] /tmp/tmp.72Gj3TWGe0/tests/release/pipelines/rh_push_to_registry_redhat_io.go:148 ------------------------------ P [PENDING] [release-pipelines-suite [HACBS-1571]test-release-e2e-push-image-to-pyxis] Post-release verification verifies a release PipelineRun is started and succeeded in managed namespace [release-pipelines, rh-push-to-external-registry] /tmp/tmp.72Gj3TWGe0/tests/release/pipelines/rh_push_to_external_registry.go:226 ------------------------------ P [PENDING] [release-pipelines-suite e2e tests for rh-push-to-redhat-io pipeline] Rh-push-to-redhat-io happy path Post-release verification verifies if the MR URL is valid [release-pipelines, rh-push-to-registry-redhat-io, PushToRedhatIO] /tmp/tmp.72Gj3TWGe0/tests/release/pipelines/rh_push_to_registry_redhat_io.go:159 ------------------------------ P [PENDING] [release-pipelines-suite FBC e2e-tests] with FBC pre-GA process FBC pre-GA post-release verification Creates a push snapshot for a release [release-pipelines, fbc-release, fbcPreGA] /tmp/tmp.72Gj3TWGe0/tests/release/pipelines/fbc_release.go:291 ------------------------------ P [PENDING] [release-pipelines-suite [HACBS-1571]test-release-e2e-push-image-to-pyxis] Post-release verification validate the result of task create-pyxis-image contains image ids [release-pipelines, rh-push-to-external-registry] /tmp/tmp.72Gj3TWGe0/tests/release/pipelines/rh_push_to_external_registry.go:233 ------------------------------ P [PENDING] [release-pipelines-suite FBC e2e-tests] with FBC pre-GA process FBC pre-GA post-release verification verifies the fbc release pipelinerun is running and succeeds [release-pipelines, fbc-release, fbcPreGA] /tmp/tmp.72Gj3TWGe0/tests/release/pipelines/fbc_release.go:295 ------------------------------ P [PENDING] [release-pipelines-suite Push to external registry] Post-release verification verifies that a Release CR should have been created in the dev namespace [release-pipelines, push-to-external-registry] /tmp/tmp.72Gj3TWGe0/tests/release/pipelines/push_to_external_registry.go:157 ------------------------------ P [PENDING] [release-pipelines-suite FBC e2e-tests] with FBC pre-GA process FBC pre-GA post-release verification verifies release CR completed and set succeeded. [release-pipelines, fbc-release, fbcPreGA] /tmp/tmp.72Gj3TWGe0/tests/release/pipelines/fbc_release.go:299 ------------------------------ P [PENDING] [release-pipelines-suite Push to external registry] Post-release verification verifies that Release PipelineRun should eventually succeed [release-pipelines, push-to-external-registry] /tmp/tmp.72Gj3TWGe0/tests/release/pipelines/push_to_external_registry.go:164 ------------------------------ P [PENDING] [task-suite tkn bundle task] creates Tekton bundles with different params when context points to a file [build-templates] /tmp/tmp.72Gj3TWGe0/tests/build/tkn-bundle.go:188 ------------------------------ P [PENDING] [release-pipelines-suite [HACBS-1571]test-release-e2e-push-image-to-pyxis] Post-release verification tests that Release CR has completed [release-pipelines, rh-push-to-external-registry] /tmp/tmp.72Gj3TWGe0/tests/release/pipelines/rh_push_to_external_registry.go:248 ------------------------------ P [PENDING] [release-pipelines-suite e2e tests for multi arch with rh-advisories pipeline] Multi arch test happy path Post-release verification verifies the release CR is created [release-pipelines, rh-advisories, multiarch-advisories, multiArchAdvisories] /tmp/tmp.72Gj3TWGe0/tests/release/pipelines/multiarch_advisories.go:112 ------------------------------ P [PENDING] [release-pipelines-suite Push to external registry] Post-release verification tests if the image was pushed to quay [release-pipelines, push-to-external-registry] /tmp/tmp.72Gj3TWGe0/tests/release/pipelines/push_to_external_registry.go:168 ------------------------------ P [PENDING] [task-suite tkn bundle task] creates Tekton bundles with different params creates Tekton bundles from specific context [build-templates] /tmp/tmp.72Gj3TWGe0/tests/build/tkn-bundle.go:199 ------------------------------ P [PENDING] [release-pipelines-suite [HACBS-1571]test-release-e2e-push-image-to-pyxis] Post-release verification validates that imageIds from task create-pyxis-image exist in Pyxis. [release-pipelines, rh-push-to-external-registry] /tmp/tmp.72Gj3TWGe0/tests/release/pipelines/rh_push_to_external_registry.go:265 ------------------------------ P [PENDING] [release-pipelines-suite e2e tests for multi arch with rh-advisories pipeline] Multi arch test happy path Post-release verification verifies the multiarch release pipelinerun is running and succeeds [release-pipelines, rh-advisories, multiarch-advisories, multiArchAdvisories] /tmp/tmp.72Gj3TWGe0/tests/release/pipelines/multiarch_advisories.go:122 ------------------------------ P [PENDING] [release-pipelines-suite Push to external registry] Post-release verification verifies that a Release is marked as succeeded. [release-pipelines, push-to-external-registry] /tmp/tmp.72Gj3TWGe0/tests/release/pipelines/push_to_external_registry.go:175 ------------------------------ P [PENDING] [release-pipelines-suite e2e tests for multi arch with rh-advisories pipeline] Multi arch test happy path Post-release verification verifies release CR completed and set succeeded. [release-pipelines, rh-advisories, multiarch-advisories, multiArchAdvisories] /tmp/tmp.72Gj3TWGe0/tests/release/pipelines/multiarch_advisories.go:152 ------------------------------ P [PENDING] [task-suite tkn bundle task] creates Tekton bundles with different params when context is the root directory [build-templates] /tmp/tmp.72Gj3TWGe0/tests/build/tkn-bundle.go:209 ------------------------------ P [PENDING] [release-pipelines-suite e2e tests for multi arch with rh-advisories pipeline] Multi arch test happy path Post-release verification verifies if the repository URL is valid [release-pipelines, rh-advisories, multiarch-advisories, multiArchAdvisories] /tmp/tmp.72Gj3TWGe0/tests/release/pipelines/multiarch_advisories.go:163 ------------------------------ P [PENDING] [task-suite tkn bundle task] creates Tekton bundles with different params creates Tekton bundles when context points to a file and a directory [build-templates] /tmp/tmp.72Gj3TWGe0/tests/build/tkn-bundle.go:218 ------------------------------ P [PENDING] [task-suite tkn bundle task] creates Tekton bundles with different params creates Tekton bundles when using negation [build-templates] /tmp/tmp.72Gj3TWGe0/tests/build/tkn-bundle.go:228 ------------------------------ P [PENDING] [task-suite tkn bundle task] creates Tekton bundles with different params allows overriding HOME environment variable [build-templates] /tmp/tmp.72Gj3TWGe0/tests/build/tkn-bundle.go:238 ------------------------------ P [PENDING] [task-suite tkn bundle task] creates Tekton bundles with different params allows overriding STEP image [build-templates] /tmp/tmp.72Gj3TWGe0/tests/build/tkn-bundle.go:247 ------------------------------ P [PENDING] [multi-platform-build-service-suite Multi Platform Controller E2E tests] aws host-pool allocation when the Component with multi-platform-build is created a PipelineRun is triggered [multi-platform, aws-host-pool] /tmp/tmp.72Gj3TWGe0/tests/build/multi-platform.go:120 ------------------------------ P [PENDING] [multi-platform-build-service-suite Multi Platform Controller E2E tests] aws host-pool allocation when the Component with multi-platform-build is created the build-container task from component pipelinerun is buildah-remote [multi-platform, aws-host-pool] /tmp/tmp.72Gj3TWGe0/tests/build/multi-platform.go:124 ------------------------------ P [PENDING] [multi-platform-build-service-suite Multi Platform Controller E2E tests] aws host-pool allocation when the Component with multi-platform-build is created The multi platform secret is populated [multi-platform, aws-host-pool] /tmp/tmp.72Gj3TWGe0/tests/build/multi-platform.go:127 ------------------------------ P [PENDING] [multi-platform-build-service-suite Multi Platform Controller E2E tests] aws host-pool allocation when the Component with multi-platform-build is created that PipelineRun completes successfully [multi-platform, aws-host-pool] /tmp/tmp.72Gj3TWGe0/tests/build/multi-platform.go:148 ------------------------------ P [PENDING] [multi-platform-build-service-suite Multi Platform Controller E2E tests] aws host-pool allocation when the Component with multi-platform-build is created test that cleanup happened successfully [multi-platform, aws-host-pool] /tmp/tmp.72Gj3TWGe0/tests/build/multi-platform.go:152 ------------------------------ P [PENDING] [multi-platform-build-service-suite Multi Platform Controller E2E tests] aws dynamic allocation when the Component with multi-platform-build is created a PipelineRun is triggered [multi-platform, aws-dynamic] /tmp/tmp.72Gj3TWGe0/tests/build/multi-platform.go:251 ------------------------------ P [PENDING] [multi-platform-build-service-suite Multi Platform Controller E2E tests] aws dynamic allocation when the Component with multi-platform-build is created the build-container task from component pipelinerun is buildah-remote [multi-platform, aws-dynamic] /tmp/tmp.72Gj3TWGe0/tests/build/multi-platform.go:255 ------------------------------ P [PENDING] [multi-platform-build-service-suite Multi Platform Controller E2E tests] aws dynamic allocation when the Component with multi-platform-build is created The multi platform secret is populated [multi-platform, aws-dynamic] /tmp/tmp.72Gj3TWGe0/tests/build/multi-platform.go:259 ------------------------------ P [PENDING] [multi-platform-build-service-suite Multi Platform Controller E2E tests] aws dynamic allocation when the Component with multi-platform-build is created that PipelineRun completes successfully [multi-platform, aws-dynamic] /tmp/tmp.72Gj3TWGe0/tests/build/multi-platform.go:263 ------------------------------ P [PENDING] [multi-platform-build-service-suite Multi Platform Controller E2E tests] aws dynamic allocation when the Component with multi-platform-build is created check cleanup happened successfully [multi-platform, aws-dynamic] /tmp/tmp.72Gj3TWGe0/tests/build/multi-platform.go:267 ------------------------------ P [PENDING] [multi-platform-build-service-suite Multi Platform Controller E2E tests] ibm system z dynamic allocation when the Component with multi-platform-build is created a PipelineRun is triggered [multi-platform, ibmz-dynamic] /tmp/tmp.72Gj3TWGe0/tests/build/multi-platform.go:341 ------------------------------ P [PENDING] [multi-platform-build-service-suite Multi Platform Controller E2E tests] ibm system z dynamic allocation when the Component with multi-platform-build is created the build-container task from component pipelinerun is buildah-remote [multi-platform, ibmz-dynamic] /tmp/tmp.72Gj3TWGe0/tests/build/multi-platform.go:345 ------------------------------ P [PENDING] [release-pipelines-suite e2e tests for rh-advisories pipeline] Rh-advisories happy path Post-release verification verifies if release CR is created [release-pipelines, rh-advisories, rhAdvisories] /tmp/tmp.72Gj3TWGe0/tests/release/pipelines/rh_advisories.go:117 ------------------------------ P [PENDING] [multi-platform-build-service-suite Multi Platform Controller E2E tests] ibm system z dynamic allocation when the Component with multi-platform-build is created The multi platform secret is populated [multi-platform, ibmz-dynamic] /tmp/tmp.72Gj3TWGe0/tests/build/multi-platform.go:349 ------------------------------ P [PENDING] [release-pipelines-suite e2e tests for rh-advisories pipeline] Rh-advisories happy path Post-release verification verifies the advs release pipelinerun is running and succeeds [release-pipelines, rh-advisories, rhAdvisories] /tmp/tmp.72Gj3TWGe0/tests/release/pipelines/rh_advisories.go:127 ------------------------------ P [PENDING] [multi-platform-build-service-suite Multi Platform Controller E2E tests] ibm system z dynamic allocation when the Component with multi-platform-build is created that PipelineRun completes successfully [multi-platform, ibmz-dynamic] /tmp/tmp.72Gj3TWGe0/tests/build/multi-platform.go:353 ------------------------------ P [PENDING] [release-pipelines-suite e2e tests for rh-advisories pipeline] Rh-advisories happy path Post-release verification verifies release CR completed and set succeeded. [release-pipelines, rh-advisories, rhAdvisories] /tmp/tmp.72Gj3TWGe0/tests/release/pipelines/rh_advisories.go:157 ------------------------------ P [PENDING] [multi-platform-build-service-suite Multi Platform Controller E2E tests] ibm system z dynamic allocation when the Component with multi-platform-build is created check cleanup happened successfully [multi-platform, ibmz-dynamic] /tmp/tmp.72Gj3TWGe0/tests/build/multi-platform.go:357 ------------------------------ P [PENDING] [release-pipelines-suite e2e tests for rh-advisories pipeline] Rh-advisories happy path Post-release verification verifies if the repository URL is valid [release-pipelines, rh-advisories, rhAdvisories] /tmp/tmp.72Gj3TWGe0/tests/release/pipelines/rh_advisories.go:168 ------------------------------ P [PENDING] [multi-platform-build-service-suite Multi Platform Controller E2E tests] ibm power pc dynamic allocation when the Component with multi-platform-build is created a PipelineRun is triggered [multi-platform, ibmp-dynamic] /tmp/tmp.72Gj3TWGe0/tests/build/multi-platform.go:432 ------------------------------ P [PENDING] [multi-platform-build-service-suite Multi Platform Controller E2E tests] ibm power pc dynamic allocation when the Component with multi-platform-build is created the build-container task from component pipelinerun is buildah-remote [multi-platform, ibmp-dynamic] /tmp/tmp.72Gj3TWGe0/tests/build/multi-platform.go:436 ------------------------------ P [PENDING] [multi-platform-build-service-suite Multi Platform Controller E2E tests] ibm power pc dynamic allocation when the Component with multi-platform-build is created The multi platform secret is populated [multi-platform, ibmp-dynamic] /tmp/tmp.72Gj3TWGe0/tests/build/multi-platform.go:440 ------------------------------ P [PENDING] [multi-platform-build-service-suite Multi Platform Controller E2E tests] ibm power pc dynamic allocation when the Component with multi-platform-build is created that PipelineRun completes successfully [multi-platform, ibmp-dynamic] /tmp/tmp.72Gj3TWGe0/tests/build/multi-platform.go:444 ------------------------------ P [PENDING] [multi-platform-build-service-suite Multi Platform Controller E2E tests] ibm power pc dynamic allocation when the Component with multi-platform-build is created check cleanup happened successfully [multi-platform, ibmp-dynamic] /tmp/tmp.72Gj3TWGe0/tests/build/multi-platform.go:448 ------------------------------ • [PANICKED] [10.902 seconds] [upgrade-suite Create users and check their state] [It] Verify AppStudioProvisionedUser [upgrade-verify] /tmp/tmp.72Gj3TWGe0/tests/upgrade/verifyWorkload.go:20 Timeline >> "msg"="Observed a panic" "error"=null "panic"="runtime error: invalid memory address or nil pointer dereference" "panicGoValue"="\"invalid memory address or nil pointer dereference\"" "stacktrace"="goroutine 152 [running]:\nk8s.io/apimachinery/pkg/util/runtime.logPanic({0x43888a0, 0xc001c91620}, {0x3473cc0, 0x658c480})\n\t/opt/app-root/src/go/pkg/mod/k8s.io/apimachinery@v0.34.2/pkg/util/runtime/runtime.go:132 +0xbc\nk8s.io/apimachinery/pkg/util/runtime.handleCrash({0x4388948, 0xc000249570}, {0x3473cc0, 0x658c480}, {0x0, 0x0, 0x4470a0?})\n\t/opt/app-root/src/go/pkg/mod/k8s.io/apimachinery@v0.34.2/pkg/util/runtime/runtime.go:107 +0x116\nk8s.io/apimachinery/pkg/util/runtime.HandleCrashWithContext({0x4388948, 0xc000249570}, {0x0, 0x0, 0x0})\n\t/opt/app-root/src/go/pkg/mod/k8s.io/apimachinery@v0.34.2/pkg/util/runtime/runtime.go:78 +0x5a\npanic({0x3473cc0?, 0x658c480?})\n\t/usr/lib/golang/src/runtime/panic.go:783 +0x132\ngithub.com/konflux-ci/e2e-tests/pkg/sandbox.(*SandboxController).CheckUserCreatedWithSignUp.func1()\n\t/tmp/tmp.72Gj3TWGe0/pkg/sandbox/sandbox.go:319 +0x35\ngithub.com/konflux-ci/e2e-tests/pkg/utils.WaitUntilWithInterval.func1({0xc000249601?, 0xc001e0fc18?})\n\t/tmp/tmp.72Gj3TWGe0/pkg/utils/util.go:129 +0x13\nk8s.io/apimachinery/pkg/util/wait.loopConditionUntilContext.func1({0x4388948?, 0xc000249570?}, 0x4388948?)\n\t/opt/app-root/src/go/pkg/mod/k8s.io/apimachinery@v0.34.2/pkg/util/wait/loop.go:53 +0x62\nk8s.io/apimachinery/pkg/util/wait.loopConditionUntilContext({0x4388948, 0xc000249570}, {0x4373580, 0xc000484c40}, 0x1, 0x0, 0xc001e0fd90)\n\t/opt/app-root/src/go/pkg/mod/k8s.io/apimachinery@v0.34.2/pkg/util/wait/loop.go:54 +0x115\nk8s.io/apimachinery/pkg/util/wait.PollUntilContextTimeout({0x43887f8?, 0x663efc0?}, 0xee6b2800, 0x41d765?, 0x1, 0xc001e0fd90)\n\t/opt/app-root/src/go/pkg/mod/k8s.io/apimachinery@v0.34.2/pkg/util/wait/poll.go:48 +0xa5\ngithub.com/konflux-ci/e2e-tests/pkg/utils.WaitUntilWithInterval(0xa?, 0xc001e0fdd8?, 0x1?)\n\t/tmp/tmp.72Gj3TWGe0/pkg/utils/util.go:129 +0x45\ngithub.com/konflux-ci/e2e-tests/pkg/sandbox.(*SandboxController).CheckUserCreatedWithSignUp(0x3b9562a?, {0x3b9562a?, 0x3b91e4b?}, 0x8?)\n\t/tmp/tmp.72Gj3TWGe0/pkg/sandbox/sandbox.go:318 +0x72\ngithub.com/konflux-ci/e2e-tests/pkg/sandbox.(*SandboxController).CheckUserCreated(0x0, {0x3b9562a, 0x9})\n\t/tmp/tmp.72Gj3TWGe0/pkg/sandbox/sandbox.go:314 +0x4b\ngithub.com/konflux-ci/e2e-tests/tests/upgrade/verify.VerifyAppStudioProvisionedUser(0x0?)\n\t/tmp/tmp.72Gj3TWGe0/tests/upgrade/verify/verifyUsers.go:14 +0x25\ngithub.com/konflux-ci/e2e-tests/tests/upgrade.init.func1.2()\n\t/tmp/tmp.72Gj3TWGe0/tests/upgrade/verifyWorkload.go:21 +0x1a\ngithub.com/onsi/ginkgo/v2/internal.extractBodyFunction.func3({0x0?, 0x0?})\n\t/opt/app-root/src/go/pkg/mod/github.com/onsi/ginkgo/v2@v2.28.3/internal/node.go:585 +0x13\ngithub.com/onsi/ginkgo/v2/internal.(*Suite).runNode.func3()\n\t/opt/app-root/src/go/pkg/mod/github.com/onsi/ginkgo/v2@v2.28.3/internal/suite.go:946 +0x393\ncreated by github.com/onsi/ginkgo/v2/internal.(*Suite).runNode in goroutine 120\n\t/opt/app-root/src/go/pkg/mod/github.com/onsi/ginkgo/v2@v2.28.3/internal/suite.go:911 +0xd90\n" [PANICKED] in [It] - /opt/app-root/src/go/pkg/mod/k8s.io/apimachinery@v0.34.2/pkg/util/runtime/runtime.go:114 @ 05/07/26 23:32:12.258 << Timeline [PANICKED] Test Panicked In [It] at: /opt/app-root/src/go/pkg/mod/k8s.io/apimachinery@v0.34.2/pkg/util/runtime/runtime.go:114 @ 05/07/26 23:32:12.258 runtime error: invalid memory address or nil pointer dereference Full Stack Trace k8s.io/apimachinery/pkg/util/runtime.handleCrash({0x4388948, 0xc000249570}, {0x3473cc0, 0x658c480}, {0x0, 0x0, 0x4470a0?}) /opt/app-root/src/go/pkg/mod/k8s.io/apimachinery@v0.34.2/pkg/util/runtime/runtime.go:114 +0x1a9 k8s.io/apimachinery/pkg/util/runtime.HandleCrashWithContext({0x4388948, 0xc000249570}, {0x0, 0x0, 0x0}) /opt/app-root/src/go/pkg/mod/k8s.io/apimachinery@v0.34.2/pkg/util/runtime/runtime.go:78 +0x5a panic({0x3473cc0?, 0x658c480?}) /usr/lib/golang/src/runtime/panic.go:783 +0x132 github.com/konflux-ci/e2e-tests/pkg/sandbox.(*SandboxController).CheckUserCreatedWithSignUp.func1() /tmp/tmp.72Gj3TWGe0/pkg/sandbox/sandbox.go:319 +0x35 github.com/konflux-ci/e2e-tests/pkg/utils.WaitUntilWithInterval.func1({0xc000249601?, 0xc001e0fc18?}) /tmp/tmp.72Gj3TWGe0/pkg/utils/util.go:129 +0x13 k8s.io/apimachinery/pkg/util/wait.loopConditionUntilContext.func1({0x4388948?, 0xc000249570?}, 0x4388948?) /opt/app-root/src/go/pkg/mod/k8s.io/apimachinery@v0.34.2/pkg/util/wait/loop.go:53 +0x62 k8s.io/apimachinery/pkg/util/wait.loopConditionUntilContext({0x4388948, 0xc000249570}, {0x4373580, 0xc000484c40}, 0x1, 0x0, 0xc001e17d90) /opt/app-root/src/go/pkg/mod/k8s.io/apimachinery@v0.34.2/pkg/util/wait/loop.go:54 +0x115 k8s.io/apimachinery/pkg/util/wait.PollUntilContextTimeout({0x43887f8?, 0x663efc0?}, 0xee6b2800, 0x41d765?, 0x1, 0xc001e0fd90) /opt/app-root/src/go/pkg/mod/k8s.io/apimachinery@v0.34.2/pkg/util/wait/poll.go:48 +0xa5 github.com/konflux-ci/e2e-tests/pkg/utils.WaitUntilWithInterval(0xa?, 0xc001e0fdd8?, 0x1?) /tmp/tmp.72Gj3TWGe0/pkg/utils/util.go:129 +0x45 github.com/konflux-ci/e2e-tests/pkg/sandbox.(*SandboxController).CheckUserCreatedWithSignUp(0x3b9562a?, {0x3b9562a?, 0x3b91e4b?}, 0x8?) /tmp/tmp.72Gj3TWGe0/pkg/sandbox/sandbox.go:318 +0x72 github.com/konflux-ci/e2e-tests/pkg/sandbox.(*SandboxController).CheckUserCreated(0x0, {0x3b9562a, 0x9}) /tmp/tmp.72Gj3TWGe0/pkg/sandbox/sandbox.go:314 +0x4b github.com/konflux-ci/e2e-tests/tests/upgrade/verify.VerifyAppStudioProvisionedUser(0x0?) /tmp/tmp.72Gj3TWGe0/tests/upgrade/verify/verifyUsers.go:14 +0x25 github.com/konflux-ci/e2e-tests/tests/upgrade.init.func1.2() /tmp/tmp.72Gj3TWGe0/tests/upgrade/verifyWorkload.go:21 +0x1a ------------------------------ SS••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••• ------------------------------ P [PENDING] [build-service-suite Build service E2E tests] test build secret lookup when two secrets are created when second component is deleted, pac pr branch should not exist in the repo [build-service, github, pac-build, secret-lookup] /tmp/tmp.72Gj3TWGe0/tests/build/secret_lookup.go:206 ------------------------------ ••• ------------------------------ • [FAILED] [383.486 seconds] [build-service-suite Build service E2E tests] test git provider fj PaC component build when a new component without specified branch is created and with visibility private [It] correctly targets the default branch (that is not named 'main') with PaC [build-service, github-webhook, pac-build, pipeline, image-controller, forgejo, pac-custom-default-branch] /tmp/tmp.72Gj3TWGe0/tests/build/pac_build.go:136 Timeline >> Image repository for component fj-test-custom-default-uupmkx in namespace build-e2e-qrsw do not have right state ('' != 'ready') yet but it has status { { } { } []}. Image repository for component fj-test-custom-default-uupmkx in namespace build-e2e-qrsw do not have right state ('' != 'ready') yet but it has status { { } { } []}. Image repository for component fj-test-custom-default-uupmkx in namespace build-e2e-qrsw do not have right state ('' != 'ready') yet but it has status { { } { } []}. Image repository for component fj-test-custom-default-uupmkx in namespace build-e2e-qrsw do not have right state ('' != 'ready') yet but it has status { { } { } []}. Image repository for component fj-test-custom-default-uupmkx in namespace build-e2e-qrsw do not have right state ('' != 'ready') yet but it has status { { } { } []}. Image repository for component fj-test-custom-default-uupmkx in namespace build-e2e-qrsw do not have right state ('' != 'ready') yet but it has status { { } { } []}. [FAILED] in [It] - /tmp/tmp.72Gj3TWGe0/tests/build/pac_build.go:150 @ 05/07/26 23:38:24.58 << Timeline [FAILED] Timed out after 300.000s. timed out when waiting for init PaC PR to be created against default branch in konflux-qe/devfile-sample-hello-world-atpxoz repository Expected : false to be true In [It] at: /tmp/tmp.72Gj3TWGe0/tests/build/pac_build.go:150 @ 05/07/26 23:38:24.58 ------------------------------ SSSSSSSSSSSSSSSSSSSSSSSSSS ------------------------------ P [PENDING] [build-service-suite Build service E2E tests] test git provider fj PaC component build when the PaC init branch is merged retrigger the pipeline manually [build-service, github-webhook, pac-build, pipeline, image-controller, forgejo, build-custom-branch] /tmp/tmp.72Gj3TWGe0/tests/build/pac_build.go:600 ------------------------------ P [PENDING] [build-service-suite Build service E2E tests] test git provider fj PaC component build when the PaC init branch is merged retriggered pipelineRun should eventually finish [build-service, github-webhook, pac-build, pipeline, image-controller, forgejo, build-custom-branch] /tmp/tmp.72Gj3TWGe0/tests/build/pac_build.go:642 ------------------------------ SS•••• ------------------------------ • [FAILED] [441.289 seconds] [integration-service-suite Status Reporting of Integration tests] with status reporting of Integration tests in CheckRuns when a new Component with specified custom branch is created [It] should lead to build PipelineRun finishing successfully [integration-service, github-status-reporting, custom-branch] /tmp/tmp.72Gj3TWGe0/tests/integration-service/status-reporting-to-pullrequest.go:144 Timeline >> PipelineRun test-component-pac-eznbmv-on-pull-request-9jchc reason: Running PipelineRun test-component-pac-eznbmv-on-pull-request-9jchc reason: Running PipelineRun test-component-pac-eznbmv-on-pull-request-9jchc reason: Running PipelineRun test-component-pac-eznbmv-on-pull-request-9jchc reason: Running PipelineRun test-component-pac-eznbmv-on-pull-request-9jchc reason: Running PipelineRun test-component-pac-eznbmv-on-pull-request-9jchc reason: Running PipelineRun test-component-pac-eznbmv-on-pull-request-9jchc reason: Running PipelineRun test-component-pac-eznbmv-on-pull-request-9jchc reason: Running PipelineRun test-component-pac-eznbmv-on-pull-request-9jchc reason: Running PipelineRun test-component-pac-eznbmv-on-pull-request-9jchc reason: Running PipelineRun test-component-pac-eznbmv-on-pull-request-9jchc reason: Running PipelineRun test-component-pac-eznbmv-on-pull-request-9jchc reason: Running PipelineRun test-component-pac-eznbmv-on-pull-request-9jchc reason: Running PipelineRun test-component-pac-eznbmv-on-pull-request-9jchc reason: Running PipelineRun test-component-pac-eznbmv-on-pull-request-9jchc reason: PipelineRunStopping PipelineRun test-component-pac-eznbmv-on-pull-request-9jchc reason: PipelineRunStopping PipelineRun test-component-pac-eznbmv-on-pull-request-9jchc reason: PipelineRunStopping PipelineRun test-component-pac-eznbmv-on-pull-request-9jchc reason: PipelineRunStopping PipelineRun test-component-pac-eznbmv-on-pull-request-9jchc reason: PipelineRunStopping PipelineRun test-component-pac-eznbmv-on-pull-request-9jchc reason: PipelineRunStopping PipelineRun test-component-pac-eznbmv-on-pull-request-9jchc reason: PipelineRunStopping PipelineRun test-component-pac-eznbmv-on-pull-request-9jchc reason: PipelineRunStopping PipelineRun test-component-pac-eznbmv-on-pull-request-9jchc reason: Failed [FAILED] in [It] - /tmp/tmp.72Gj3TWGe0/tests/integration-service/status-reporting-to-pullrequest.go:146 @ 05/07/26 23:42:28.05 << Timeline [FAILED] build pipelinerun fails for NameSpace/Application/Component stat-rep-tomz/integ-app-cela/test-component-pac-eznbmv with logs: Pipelinerun 'test-component-pac-eznbmv-on-pull-request-9jchc' didn't succeed Expected success, but got an error: <*errors.errorString | 0xc000f814c0>: Pipelinerun 'test-component-pac-eznbmv-on-pull-request-9jchc' didn't succeed { s: "Pipelinerun 'test-component-pac-eznbmv-on-pull-request-9jchc' didn't succeed\n", } In [It] at: /tmp/tmp.72Gj3TWGe0/tests/integration-service/status-reporting-to-pullrequest.go:146 @ 05/07/26 23:42:28.05 ------------------------------ SSSSSSSSSSSSSSSSSSSSSS•••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••• ------------------------------ • [FAILED] [905.646 seconds] [integration-service-suite Gitlab Status Reporting of Integration tests] Gitlab with status reporting of Integration tests in the assosiated merge request when a new Component with specified custom branch is created [It] should lead to build PipelineRun finishing successfully [integration-service, gitlab-status-reporting, custom-branch] /tmp/tmp.72Gj3TWGe0/tests/integration-service/gitlab-integration-reporting.go:148 Timeline >> PipelineRun test-comp-pac-gitlab-qtyrdo-on-pull-request-qr6rq found for Component gitlab-rep-ufob/test-comp-pac-gitlab-qtyrdo PipelineRun test-comp-pac-gitlab-qtyrdo-on-pull-request-qr6rq reason: Running PipelineRun test-comp-pac-gitlab-qtyrdo-on-pull-request-qr6rq reason: Running PipelineRun test-comp-pac-gitlab-qtyrdo-on-pull-request-qr6rq reason: Running PipelineRun test-comp-pac-gitlab-qtyrdo-on-pull-request-qr6rq reason: Running PipelineRun test-comp-pac-gitlab-qtyrdo-on-pull-request-qr6rq reason: Running PipelineRun test-comp-pac-gitlab-qtyrdo-on-pull-request-qr6rq reason: Running PipelineRun test-comp-pac-gitlab-qtyrdo-on-pull-request-qr6rq reason: Running PipelineRun test-comp-pac-gitlab-qtyrdo-on-pull-request-qr6rq reason: Running PipelineRun test-comp-pac-gitlab-qtyrdo-on-pull-request-qr6rq reason: Running PipelineRun test-comp-pac-gitlab-qtyrdo-on-pull-request-qr6rq reason: Running PipelineRun test-comp-pac-gitlab-qtyrdo-on-pull-request-qr6rq reason: Running PipelineRun test-comp-pac-gitlab-qtyrdo-on-pull-request-qr6rq reason: Running PipelineRun test-comp-pac-gitlab-qtyrdo-on-pull-request-qr6rq reason: Running PipelineRun test-comp-pac-gitlab-qtyrdo-on-pull-request-qr6rq reason: Running PipelineRun test-comp-pac-gitlab-qtyrdo-on-pull-request-qr6rq reason: Running PipelineRun test-comp-pac-gitlab-qtyrdo-on-pull-request-qr6rq reason: PipelineRunStopping PipelineRun test-comp-pac-gitlab-qtyrdo-on-pull-request-qr6rq reason: PipelineRunStopping PipelineRun test-comp-pac-gitlab-qtyrdo-on-pull-request-qr6rq reason: PipelineRunStopping PipelineRun test-comp-pac-gitlab-qtyrdo-on-pull-request-qr6rq reason: PipelineRunStopping PipelineRun test-comp-pac-gitlab-qtyrdo-on-pull-request-qr6rq reason: PipelineRunStopping PipelineRun test-comp-pac-gitlab-qtyrdo-on-pull-request-qr6rq reason: PipelineRunStopping PipelineRun test-comp-pac-gitlab-qtyrdo-on-pull-request-qr6rq reason: PipelineRunStopping PipelineRun test-comp-pac-gitlab-qtyrdo-on-pull-request-qr6rq reason: Failed attempt 1/3: PipelineRun "test-comp-pac-gitlab-qtyrdo-on-pull-request-qr6rq" failed: pod: test-comp-pac-gitlab-qtyrdo-on-pull-request-qr6rq-init-pod | init container: prepare 2026/05/07 23:34:39 Entrypoint initialization pod: test-comp-pac-gitlab-qtyrdo-on-pull-request-qr6rq-init-pod | container step-init: time="2026-05-07T23:34:42Z" level=info msg="[param] enable: false" time="2026-05-07T23:34:42Z" level=info msg="[param] default-http-proxy: squid.caching.svc.cluster.local:3128" time="2026-05-07T23:34:42Z" level=info msg="[param] default-no-proxy: brew.registry.redhat.io,docker.io,gcr.io,ghcr.io,images.paas.redhat.com,mirror.gcr.io,nvcr.io,quay.io,registry-proxy.engineering.redhat.com,registry.access.redhat.com,registry.ci.openshift.org,registry.fedoraproject.org,registry.redhat.io,registry.stage.redhat.io,vault.habana.ai" time="2026-05-07T23:34:42Z" level=info msg="[param] http-proxy-result-path: /tekton/results/http-proxy" time="2026-05-07T23:34:42Z" level=info msg="[param] no-proxy-result-path: /tekton/results/no-proxy" time="2026-05-07T23:34:42Z" level=info msg="Using in-cluster config" logger=KubeClient time="2026-05-07T23:34:42Z" level=info msg="Cache proxy is disabled via param" time="2026-05-07T23:34:42Z" level=info msg="[result] HTTP PROXY: " time="2026-05-07T23:34:42Z" level=info msg="[result] NO PROXY: " pod: test-comp-pac-gitlab-qtyrdo126e4130fa6d2c3af46fb426f6afaba7-pod | init container: prepare 2026/05/07 23:40:45 Entrypoint initialization pod: test-comp-pac-gitlab-qtyrdo126e4130fa6d2c3af46fb426f6afaba7-pod | init container: place-scripts 2026/05/07 23:40:45 Decoded script /tekton/scripts/script-0-lplh9 2026/05/07 23:40:45 Decoded script /tekton/scripts/script-1-qmwcp pod: test-comp-pac-gitlab-qtyrdo126e4130fa6d2c3af46fb426f6afaba7-pod | container step-extract-and-scan-image: Starting clamd ... clamd is ready! Detecting artifact type for quay.io/redhat-appstudio-qe/gitlab-rep-ufob/test-comp-pac-gitlab-qtyrdo@sha256:b2255fd43473d5b61b29553a14db1a28890ac8aad001a906235a753087d06007. Detected container image. Processing image manifests. Running "oc image extract" on image of arch amd64 Scanning image for arch amd64. This operation may take a while. ----------- SCAN SUMMARY ----------- Infected files: 0 Time: 44.444 sec (0 m 44 s) Start Date: 2026:05:07 23:41:03 End Date: 2026:05:07 23:41:48 Executed-on: Scan was executed on clamsdcan version - ClamAV 1.4.3/27993/Wed May 6 06:24:57 2026 Database version: 27993 [ { "filename": "/work/logs/clamscan-result-log-amd64.json", "namespace": "required_checks", "successes": 2 } ] {"timestamp":"1778197308","namespace":"required_checks","successes":2,"failures":0,"warnings":0,"result":"SUCCESS","note":"All checks passed successfully"} {"timestamp":"1778197308","namespace":"required_checks","successes":2,"failures":0,"warnings":0,"result":"SUCCESS","note":"All checks passed successfully"} {"timestamp":"1778197308","namespace":"required_checks","successes":2,"failures":0,"warnings":0,"result":"SUCCESS","note":"All checks passed successfully"} {"image": {"pullspec": "quay.io/redhat-appstudio-qe/gitlab-rep-ufob/test-comp-pac-gitlab-qtyrdo:on-pr-e54c16436d75317bd42ac7e6e85809154e0fdd2c", "digests": ["sha256:b2255fd43473d5b61b29553a14db1a28890ac8aad001a906235a753087d06007"]}} pod: test-comp-pac-gitlab-qtyrdo126e4130fa6d2c3af46fb426f6afaba7-pod | container step-upload: Selecting auth Using token for quay.io/redhat-appstudio-qe/gitlab-rep-ufob/test-comp-pac-gitlab-qtyrdo Attaching to quay.io/redhat-appstudio-qe/gitlab-rep-ufob/test-comp-pac-gitlab-qtyrdo:on-pr-e54c16436d75317bd42ac7e6e85809154e0fdd2c Executing: oras attach --no-tty --registry-config /home/oras/auth.json --artifact-type application/vnd.clamav quay.io/redhat-appstudio-qe/gitlab-rep-ufob/test-comp-pac-gitlab-qtyrdo:on-pr-e54c16436d75317bd42ac7e6e85809154e0fdd2c@sha256:b2255fd43473d5b61b29553a14db1a28890ac8aad001a906235a753087d06007 clamscan-result-amd64.log:text/vnd.clamav clamscan-ec-test-amd64.json:application/vnd.konflux.test_output+json Preparing clamscan-result-amd64.log Preparing clamscan-ec-test-amd64.json Uploading a0adfe68dc96 clamscan-ec-test-amd64.json Uploading 61dbab0f53db clamscan-result-amd64.log Exists 44136fa355b3 application/vnd.oci.empty.v1+json Uploaded a0adfe68dc96 clamscan-ec-test-amd64.json Uploaded 61dbab0f53db clamscan-result-amd64.log Uploading 5cc94250d1a6 application/vnd.oci.image.manifest.v1+json Uploaded 5cc94250d1a6 application/vnd.oci.image.manifest.v1+json Attached to [registry] quay.io/redhat-appstudio-qe/gitlab-rep-ufob/test-comp-pac-gitlab-qtyrdo:on-pr-e54c16436d75317bd42ac7e6e85809154e0fdd2c@sha256:b2255fd43473d5b61b29553a14db1a28890ac8aad001a906235a753087d06007 Digest: sha256:5cc94250d1a6bd571665bdaec2ed2ec9d712804eed96646677657cab0c1a0378 pod: test-comp-pac-gitlab-qtyrdoaf31b616e81f1f84cb113d757e0bb4c8-pod | init container: prepare 2026/05/07 23:40:34 Entrypoint initialization pod: test-comp-pac-gitlab-qtyrdoaf31b616e81f1f84cb113d757e0bb4c8-pod | init container: place-scripts 2026/05/07 23:40:34 Decoded script /tekton/scripts/script-0-kmfxx 2026/05/07 23:40:34 Decoded script /tekton/scripts/script-1-j9lqq 2026/05/07 23:40:34 Decoded script /tekton/scripts/script-2-rpxqk 2026/05/07 23:40:34 Decoded script /tekton/scripts/script-3-qkj8g 2026/05/07 23:40:34 Decoded script /tekton/scripts/script-4-gphvd 2026/05/07 23:40:34 Decoded script /tekton/scripts/script-5-zdxgw pod: test-comp-pac-gitlab-qtyrdoaf31b616e81f1f84cb113d757e0bb4c8-pod | container step-introspect: Artifact type will be determined by introspection. Checking the media type of the OCI artifact... [retry] executing: skopeo inspect --raw --retry-times 3 docker://quay.io/redhat-appstudio-qe/gitlab-rep-ufob/test-comp-pac-gitlab-qtyrdo:on-pr-e54c16436d75317bd42ac7e6e85809154e0fdd2c The media type of the OCI artifact is application/vnd.docker.distribution.manifest.v2+json. Looking for image labels that indicate this might be an operator bundle... [retry] executing: skopeo inspect --retry-times 3 docker://quay.io/redhat-appstudio-qe/gitlab-rep-ufob/test-comp-pac-gitlab-qtyrdo:on-pr-e54c16436d75317bd42ac7e6e85809154e0fdd2c Found 0 matching labels. Expecting 3 or more to identify this image as an operator bundle. Introspection concludes that this artifact is of type "application". pod: test-comp-pac-gitlab-qtyrdoaf31b616e81f1f84cb113d757e0bb4c8-pod | container step-generate-container-auth: Selecting auth for quay.io/redhat-appstudio-qe/gitlab-rep-ufob/test-comp-pac-gitlab-qtyrdo:on-pr-e54c16436d75317bd42ac7e6e85809154e0fdd2c Using token for quay.io/redhat-appstudio-qe/gitlab-rep-ufob/test-comp-pac-gitlab-qtyrdo Auth json written to "/auth/auth.json". pod: test-comp-pac-gitlab-qtyrdoaf31b616e81f1f84cb113d757e0bb4c8-pod | container step-set-skip-for-bundles: 2026/05/07 23:40:41 INFO Step was skipped due to when expressions were evaluated to false. pod: test-comp-pac-gitlab-qtyrdoaf31b616e81f1f84cb113d757e0bb4c8-pod | container step-app-check: time="2026-05-07T23:40:41Z" level=info msg="certification library version" version="1.17.2 " time="2026-05-07T23:40:41Z" level=info msg="running checks for quay.io/redhat-appstudio-qe/gitlab-rep-ufob/test-comp-pac-gitlab-qtyrdo:on-pr-e54c16436d75317bd42ac7e6e85809154e0fdd2c for platform amd64" time="2026-05-07T23:40:41Z" level=info msg="target image" image="quay.io/redhat-appstudio-qe/gitlab-rep-ufob/test-comp-pac-gitlab-qtyrdo:on-pr-e54c16436d75317bd42ac7e6e85809154e0fdd2c" time="2026-05-07T23:40:48Z" level=info msg="warning: licenses directory does not exist or all of its children are empty directories: error when checking for /licenses: stat /tmp/preflight-447560067/fs/licenses: no such file or directory" check=HasLicense time="2026-05-07T23:40:48Z" level=info msg="check completed" check=HasLicense result=FAILED time="2026-05-07T23:40:48Z" level=info msg="check completed" check=HasUniqueTag result=PASSED time="2026-05-07T23:40:48Z" level=info msg="check completed" check=LayerCountAcceptable result=PASSED time="2026-05-07T23:40:48Z" level=info msg="check completed" check=HasNoProhibitedPackages result=PASSED time="2026-05-07T23:40:48Z" level=info msg="check completed" check=HasRequiredLabel result=PASSED time="2026-05-07T23:40:48Z" level=info msg="USER 185 specified that is non-root" check=RunAsNonRoot time="2026-05-07T23:40:48Z" level=info msg="check completed" check=RunAsNonRoot result=PASSED time="2026-05-07T23:40:57Z" level=info msg="check completed" check=HasModifiedFiles result=PASSED time="2026-05-07T23:40:57Z" level=info msg="check completed" check=BasedOnUbi result=PASSED time="2026-05-07T23:40:57Z" level=info msg="This image's tag on-pr-e54c16436d75317bd42ac7e6e85809154e0fdd2c will be paired with digest sha256:b2255fd43473d5b61b29553a14db1a28890ac8aad001a906235a753087d06007 once this image has been published in accordance with Red Hat Certification policy. You may then add or remove any supplemental tags through your Red Hat Connect portal as you see fit." { "image": "quay.io/redhat-appstudio-qe/gitlab-rep-ufob/test-comp-pac-gitlab-qtyrdo:on-pr-e54c16436d75317bd42ac7e6e85809154e0fdd2c", "passed": false, "test_library": { "name": "github.com/redhat-openshift-ecosystem/openshift-preflight", "version": "1.17.2", "commit": "eb87e5b2d67ad110a0afe8edfb16f445e0877c4e" }, "results": { "passed": [ { "name": "HasUniqueTag", "elapsed_time": 0, "description": "Checking if container has a tag other than 'latest', so that the image can be uniquely identified." }, { "name": "LayerCountAcceptable", "elapsed_time": 0, "description": "Checking if container has less than 40 layers. Too many layers within the container images can degrade container performance." }, { "name": "HasNoProhibitedPackages", "elapsed_time": 35, "description": "Checks to ensure that the image in use does not include prohibited packages, such as Red Hat Enterprise Linux (RHEL) kernel packages." }, { "name": "HasRequiredLabel", "elapsed_time": 0, "description": "Checking if the required labels (name, vendor, version, release, summary, description, maintainer) are present in the container metadata" }, { "name": "RunAsNonRoot", "elapsed_time": 0, "description": "Checking if container runs as the root user because a container that does not specify a non-root user will fail the automatic certification, and will be subject to a manual review before the container can be approved for publication" }, { "name": "HasModifiedFiles", "elapsed_time": 8509, "description": "Checks that no files installed via RPM in the base Red Hat layer have been modified" }, { "name": "BasedOnUbi", "elapsed_time": 164, "description": "Checking if the container's base image is based upon the Red Hat Universal Base Image (UBI)" } ], "failed": [ { "name": "HasLicense", "elapsed_time": 0, "description": "Checking if terms and conditions applicable to the software including open source licensing information are present. The license must be at /licenses", "help": "Check HasLicense encountered an error. Please review the preflight.log file for more information.", "suggestion": "Create a directory named /licenses and include all relevant licensing and/or terms and conditions as text file(s) in that directory.", "knowledgebase_url": "https://access.redhat.com/documentation/en-us/red_hat_software_certification/2024/html-single/red_hat_openshift_software_certification_policy_guide/index#assembly-requirements-for-container-images_openshift-sw-cert-policy-introduction", "check_url": "https://access.redhat.com/documentation/en-us/red_hat_software_certification/2024/html-single/red_hat_openshift_software_certification_policy_guide/index#assembly-requirements-for-container-images_openshift-sw-cert-policy-introduction" } ], "errors": [] } } time="2026-05-07T23:40:57Z" level=info msg="Preflight result: FAILED" pod: test-comp-pac-gitlab-qtyrdoaf31b616e81f1f84cb113d757e0bb4c8-pod | container step-app-set-outcome: {"result":"FAILURE","timestamp":"1778197258","note":"Task preflight is a FAILURE: Refer to Tekton task logs for more information","successes":7,"failures":1,"warnings":0}[retry] executing: skopeo inspect --raw --retry-times 3 docker://quay.io/redhat-appstudio-qe/gitlab-rep-ufob/test-comp-pac-gitlab-qtyrdo:on-pr-e54c16436d75317bd42ac7e6e85809154e0fdd2c pod: test-comp-pac-gitlab-qtyrdoaf31b616e81f1f84cb113d757e0bb4c8-pod | container step-final-outcome: + [[ ! -f /mount/konflux.results.json ]] + tee /tekton/steps/step-final-outcome/results/test-output {"result":"FAILURE","timestamp":"1778197258","note":"Task preflight is a FAILURE: Refer to Tekton task logs for more information","successes":7,"failures":1,"warnings":0} pod: test-comp-pac-gitlab-qtyrdoba31de6d0216cc144bfd92e301e6acd2-pod | init container: prepare 2026/05/07 23:39:01 Entrypoint initialization pod: test-comp-pac-gitlab-qtyrdoba31de6d0216cc144bfd92e301e6acd2-pod | init container: place-scripts 2026/05/07 23:39:02 Decoded script /tekton/scripts/script-0-dj86v 2026/05/07 23:39:02 Decoded script /tekton/scripts/script-1-qvlrr 2026/05/07 23:39:02 Decoded script /tekton/scripts/script-2-mj2xz 2026/05/07 23:39:02 Decoded script /tekton/scripts/script-3-j7jvg pod: test-comp-pac-gitlab-qtyrdoba31de6d0216cc144bfd92e301e6acd2-pod | container step-get-image-manifests: Inspecting raw image manifest quay.io/redhat-appstudio-qe/gitlab-rep-ufob/test-comp-pac-gitlab-qtyrdo@sha256:b2255fd43473d5b61b29553a14db1a28890ac8aad001a906235a753087d06007. pod: test-comp-pac-gitlab-qtyrdoba31de6d0216cc144bfd92e301e6acd2-pod | container step-get-vulnerabilities: Running clair-action on amd64 image manifest... 2026-05-07T23:40:14Z INF matchers created component=libvuln/New matchers=[{"docs":"https://pkg.go.dev/github.com/quay/claircore/java","name":"java-maven"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/ruby","name":"ruby-gem"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/ubuntu","name":"ubuntu-matcher"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/gobin","name":"gobin"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/photon","name":"photon"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/suse","name":"suse"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/rhel","name":"rhel"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/python","name":"python"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/rhel/rhcc","name":"rhel-container-matcher"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/alpine","name":"alpine-matcher"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/oracle","name":"oracle"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/aws","name":"aws-matcher"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/debian","name":"debian-matcher"}] 2026-05-07T23:40:14Z INF libvuln initialized component=libvuln/New 2026-05-07T23:40:14Z INF registered configured scanners component=libindex/New 2026-05-07T23:40:14Z INF NewLayerScanner: constructing a new layer-scanner component=indexer.NewLayerScanner 2026-05-07T23:40:14Z INF index request start component=libindex/Libindex.Index manifest=sha256:b2255fd43473d5b61b29553a14db1a28890ac8aad001a906235a753087d06007 2026-05-07T23:40:14Z INF starting scan component=indexer/controller/Controller.Index manifest=sha256:b2255fd43473d5b61b29553a14db1a28890ac8aad001a906235a753087d06007 2026-05-07T23:40:14Z INF manifest to be scanned component=indexer/controller/Controller.Index manifest=sha256:b2255fd43473d5b61b29553a14db1a28890ac8aad001a906235a753087d06007 state=CheckManifest 2026-05-07T23:40:14Z INF layers fetch start component=indexer/controller/Controller.Index manifest=sha256:b2255fd43473d5b61b29553a14db1a28890ac8aad001a906235a753087d06007 state=FetchLayers 2026-05-07T23:40:16Z INF layers fetch success component=indexer/controller/Controller.Index manifest=sha256:b2255fd43473d5b61b29553a14db1a28890ac8aad001a906235a753087d06007 state=FetchLayers 2026-05-07T23:40:16Z INF layers fetch done component=indexer/controller/Controller.Index manifest=sha256:b2255fd43473d5b61b29553a14db1a28890ac8aad001a906235a753087d06007 state=FetchLayers 2026-05-07T23:40:16Z INF layers scan start component=indexer/controller/Controller.Index manifest=sha256:b2255fd43473d5b61b29553a14db1a28890ac8aad001a906235a753087d06007 state=ScanLayers 2026-05-07T23:40:16Z INF found buildinfo Dockerfile component=rhel/rhcc/scanner.Scan kind=package layer=sha256:8dbc54dd3ba8deb60962e0faf1bcd1d23c09867cffbce92e091a1094578f09fc manifest=sha256:b2255fd43473d5b61b29553a14db1a28890ac8aad001a906235a753087d06007 path=root/buildinfo/Dockerfile-ubi8-openjdk-17-runtime-1.23-4.1777859697 scanner=rhel_containerscanner state=ScanLayers 2026-05-07T23:40:16Z INF skipping jar component=java/Scanner.Scan file=usr/lib/jvm/java-17-openjdk-17.0.19.0.10-1.el8.x86_64/lib/jrt-fs.jar kind=package layer=sha256:8dbc54dd3ba8deb60962e0faf1bcd1d23c09867cffbce92e091a1094578f09fc manifest=sha256:b2255fd43473d5b61b29553a14db1a28890ac8aad001a906235a753087d06007 reason="jar: unidentified jar: jrt-fs.jar" scanner=java state=ScanLayers version=6 2026-05-07T23:40:16Z INF layers scan done component=indexer/controller/Controller.Index manifest=sha256:b2255fd43473d5b61b29553a14db1a28890ac8aad001a906235a753087d06007 state=ScanLayers 2026-05-07T23:40:16Z INF starting index manifest component=indexer/controller/Controller.Index manifest=sha256:b2255fd43473d5b61b29553a14db1a28890ac8aad001a906235a753087d06007 state=IndexManifest 2026-05-07T23:40:16Z INF finishing scan component=indexer/controller/Controller.Index manifest=sha256:b2255fd43473d5b61b29553a14db1a28890ac8aad001a906235a753087d06007 state=IndexFinished 2026-05-07T23:40:16Z INF manifest successfully scanned component=indexer/controller/Controller.Index manifest=sha256:b2255fd43473d5b61b29553a14db1a28890ac8aad001a906235a753087d06007 state=IndexFinished 2026-05-07T23:40:21Z INF index request done component=libindex/Libindex.Index manifest=sha256:b2255fd43473d5b61b29553a14db1a28890ac8aad001a906235a753087d06007 { "manifest_hash": "sha256:b2255fd43473d5b61b29553a14db1a28890ac8aad001a906235a753087d06007", "packages": { "+XM+s3niWaEk1U5jnR5DpA==": { "id": "+XM+s3niWaEk1U5jnR5DpA==", "name": "libyaml", "version": "0.1.7-5.el8", "kind": "binary", "source": { "id": "", "name": "libyaml", "version": "0.1.7-5.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "+Xr7HyTxXf0c8jLaUyo3xA==": { "id": "+Xr7HyTxXf0c8jLaUyo3xA==", "name": "libidn2", "version": "2.2.0-1.el8", "kind": "binary", "source": { "id": "", "name": "libidn2", "version": "2.2.0-1.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "+hvIC0Et/RtHi7EAFCmfEw==": { "id": "+hvIC0Et/RtHi7EAFCmfEw==", "name": "file-libs", "version": "5.33-27.el8_10", "kind": "binary", "source": { "id": "", "name": "file", "version": "5.33-27.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "+qrxjVH7Im8eBfrz4h4P/w==": { "id": "+qrxjVH7Im8eBfrz4h4P/w==", "name": "shadow-utils", "version": "2:4.6-23.el8_10", "kind": "binary", "source": { "id": "", "name": "shadow-utils", "version": "4.6-23.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "1gormAsAjMuks2JveQRd0Q==": { "id": "1gormAsAjMuks2JveQRd0Q==", "name": "gobject-introspection", "version": "1.56.1-1.el8", "kind": "binary", "source": { "id": "", "name": "gobject-introspection", "version": "1.56.1-1.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "22yBCZl99yVP86UHT7jTdw==": { "id": "22yBCZl99yVP86UHT7jTdw==", "name": "tzdata", "version": "2026a-1.el8", "kind": "binary", "source": { "id": "", "name": "tzdata", "version": "2026a-1.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "2gKctomQ2vBMxlyAOjcc7g==": { "id": "2gKctomQ2vBMxlyAOjcc7g==", "name": "sed", "version": "4.5-5.el8_10", "kind": "binary", "source": { "id": "", "name": "sed", "version": "4.5-5.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "3+d+oaGDGj9g2+1RFZjY5A==": { "id": "3+d+oaGDGj9g2+1RFZjY5A==", "name": "gmp", "version": "1:6.1.2-11.el8", "kind": "binary", "source": { "id": "", "name": "gmp", "version": "6.1.2-11.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "3OVNevSm98h4f1fmX4IZwQ==": { "id": "3OVNevSm98h4f1fmX4IZwQ==", "name": "org.example:simple-java-project", "version": "1.0-SNAPSHOT", "kind": "binary", "source": { "id": "", "name": "", "version": "", "normalized_version": "", "cpe": "" }, "normalized_version": "", "cpe": "" }, "3jI2apoRMNGhHa141Q5dlQ==": { "id": "3jI2apoRMNGhHa141Q5dlQ==", "name": "libksba", "version": "1.3.5-9.el8_7", "kind": "binary", "source": { "id": "", "name": "libksba", "version": "1.3.5-9.el8_7", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "3uSX4NgBxQvC8LEk48QoOQ==": { "id": "3uSX4NgBxQvC8LEk48QoOQ==", "name": "cyrus-sasl-lib", "version": "2.1.27-6.el8_5", "kind": "binary", "source": { "id": "", "name": "cyrus-sasl", "version": "2.1.27-6.el8_5", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "45rvgYmy022Tx6fVWfking==": { "id": "45rvgYmy022Tx6fVWfking==", "name": "publicsuffix-list-dafsa", "version": "20180723-1.el8", "kind": "binary", "source": { "id": "", "name": "publicsuffix-list", "version": "20180723-1.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "47OMpR7yEmE4lttsyWq3fw==": { "id": "47OMpR7yEmE4lttsyWq3fw==", "name": "libusbx", "version": "1.0.23-4.el8", "kind": "binary", "source": { "id": "", "name": "libusbx", "version": "1.0.23-4.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "4ZgMXaHDWnwPnqKlcJzEIw==": { "id": "4ZgMXaHDWnwPnqKlcJzEIw==", "name": "krb5-libs", "version": "1.18.2-32.el8_10", "kind": "binary", "source": { "id": "", "name": "krb5", "version": "1.18.2-32.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "4flTdmUV4iK1Ax+LXJm8qQ==": { "id": "4flTdmUV4iK1Ax+LXJm8qQ==", "name": "gnutls", "version": "3.6.16-8.el8_10.5", "kind": "binary", "source": { "id": "", "name": "gnutls", "version": "3.6.16-8.el8_10.5", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "4mBaAtvqw4Xnt3KyHa6xnQ==": { "id": "4mBaAtvqw4Xnt3KyHa6xnQ==", "name": "java-17-openjdk-headless", "version": "1:17.0.19.0.10-1.el8", "kind": "binary", "source": { "id": "", "name": "java-17-openjdk", "version": "17.0.19.0.10-1.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "4sG4bBloak5Sz907ZDRs6Q==": { "id": "4sG4bBloak5Sz907ZDRs6Q==", "name": "libnsl2", "version": "1.2.0-2.20180605git4a062cf.el8", "kind": "binary", "source": { "id": "", "name": "libnsl2", "version": "1.2.0-2.20180605git4a062cf.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "5U8sNbKx0xZsaHcVt4MmxA==": { "id": "5U8sNbKx0xZsaHcVt4MmxA==", "name": "chkconfig", "version": "1.19.2-1.el8", "kind": "binary", "source": { "id": "", "name": "chkconfig", "version": "1.19.2-1.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "67DLnC895xbDFuD3MGhCtQ==": { "id": "67DLnC895xbDFuD3MGhCtQ==", "name": "io.github.stuartwdouglas.hacbs-test.simple:simple-jdk8", "version": "1.2.4", "kind": "binary", "source": { "id": "", "name": "", "version": "", "normalized_version": "", "cpe": "" }, "normalized_version": "", "cpe": "" }, "7eg89eCgA75bJ7WhhN/T4Q==": { "id": "7eg89eCgA75bJ7WhhN/T4Q==", "name": "libtasn1", "version": "4.13-5.el8_10", "kind": "binary", "source": { "id": "", "name": "libtasn1", "version": "4.13-5.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "9uhqFNTCJ7/bpzSlc7qCaQ==": { "id": "9uhqFNTCJ7/bpzSlc7qCaQ==", "name": "libgcrypt", "version": "1.8.5-7.el8_6", "kind": "binary", "source": { "id": "", "name": "libgcrypt", "version": "1.8.5-7.el8_6", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "ACY3djwkey7ZIXbd0V+Giw==": { "id": "ACY3djwkey7ZIXbd0V+Giw==", "name": "nss-sysinit", "version": "3.112.0-8.el8_10", "kind": "binary", "source": { "id": "", "name": "nss", "version": "3.112.0-8.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "AIs6pmCup5N9+6Ag6e2/og==": { "id": "AIs6pmCup5N9+6Ag6e2/og==", "name": "openssl-libs", "version": "1:1.1.1k-15.el8_6", "kind": "binary", "source": { "id": "", "name": "openssl", "version": "1.1.1k-15.el8_6", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "AuC6XQzcU/5tB4luIfjLFg==": { "id": "AuC6XQzcU/5tB4luIfjLFg==", "name": "elfutils-libelf", "version": "0.190-2.el8", "kind": "binary", "source": { "id": "", "name": "elfutils", "version": "0.190-2.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "AziZ1oGI+oDXVPzldKNj+w==": { "id": "AziZ1oGI+oDXVPzldKNj+w==", "name": "openldap", "version": "2.4.46-21.el8_10", "kind": "binary", "source": { "id": "", "name": "openldap", "version": "2.4.46-21.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "BPsD0kkdIoK3KQUZ5DpJjw==": { "id": "BPsD0kkdIoK3KQUZ5DpJjw==", "name": "dbus-libs", "version": "1:1.12.8-27.el8_10", "kind": "binary", "source": { "id": "", "name": "dbus", "version": "1.12.8-27.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "BmK1zIjr5KsuOODCYwxRCw==": { "id": "BmK1zIjr5KsuOODCYwxRCw==", "name": "libpsl", "version": "0.20.2-6.el8", "kind": "binary", "source": { "id": "", "name": "libpsl", "version": "0.20.2-6.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "CP6fmHsRon29d9dGmAC8yQ==": { "id": "CP6fmHsRon29d9dGmAC8yQ==", "name": "nss-softokn", "version": "3.112.0-8.el8_10", "kind": "binary", "source": { "id": "", "name": "nss", "version": "3.112.0-8.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "CbqHQON08ZsUvPS9XDaTFA==": { "id": "CbqHQON08ZsUvPS9XDaTFA==", "name": "rpm", "version": "4.14.3-32.el8_10", "kind": "binary", "source": { "id": "", "name": "rpm", "version": "4.14.3-32.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "Cklbj7Y2kf3vqxqc0m1GHQ==": { "id": "Cklbj7Y2kf3vqxqc0m1GHQ==", "name": "librhsm", "version": "0.0.3-5.el8", "kind": "binary", "source": { "id": "", "name": "librhsm", "version": "0.0.3-5.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "D/ASdBsgxLNlG5Q8U7UPsQ==": { "id": "D/ASdBsgxLNlG5Q8U7UPsQ==", "name": "rootfiles", "version": "8.1-22.el8", "kind": "binary", "source": { "id": "", "name": "rootfiles", "version": "8.1-22.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "D9iJYSwBt2n6JCuuNo2fKg==": { "id": "D9iJYSwBt2n6JCuuNo2fKg==", "name": "audit-libs", "version": "3.1.2-1.el8_10.1", "kind": "binary", "source": { "id": "", "name": "audit", "version": "3.1.2-1.el8_10.1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "DV119Dw0W4RdsbJkdoHU9w==": { "id": "DV119Dw0W4RdsbJkdoHU9w==", "name": "curl", "version": "7.61.1-34.el8_10.11", "kind": "binary", "source": { "id": "", "name": "curl", "version": "7.61.1-34.el8_10.11", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "DgyhtZBcSIlVmY6xC8s1mA==": { "id": "DgyhtZBcSIlVmY6xC8s1mA==", "name": "coreutils-single", "version": "8.30-17.el8_10", "kind": "binary", "source": { "id": "", "name": "coreutils", "version": "8.30-17.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "Dmgfuk4/ZGW2Pjrf3pzOwg==": { "id": "Dmgfuk4/ZGW2Pjrf3pzOwg==", "name": "nss-util", "version": "3.112.0-8.el8_10", "kind": "binary", "source": { "id": "", "name": "nss", "version": "3.112.0-8.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "EiNiLT8ulizCzEWcybhizQ==": { "id": "EiNiLT8ulizCzEWcybhizQ==", "name": "lz4-libs", "version": "1.8.3-5.el8_10", "kind": "binary", "source": { "id": "", "name": "lz4", "version": "1.8.3-5.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "F7AOP7tK5AfUXV1g9iTzFA==": { "id": "F7AOP7tK5AfUXV1g9iTzFA==", "name": "mpfr", "version": "3.1.6-1.el8", "kind": "binary", "source": { "id": "", "name": "mpfr", "version": "3.1.6-1.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "FS5/DAbDsXWURU9onlACPA==": { "id": "FS5/DAbDsXWURU9onlACPA==", "name": "alsa-lib", "version": "1.2.10-2.el8", "kind": "binary", "source": { "id": "", "name": "alsa-lib", "version": "1.2.10-2.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "G+gX+j4AbiCorxKiF1UojA==": { "id": "G+gX+j4AbiCorxKiF1UojA==", "name": "libsolv", "version": "0.7.20-6.el8", "kind": "binary", "source": { "id": "", "name": "libsolv", "version": "0.7.20-6.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "GLKhGblbPbPbtDKwfpCv5A==": { "id": "GLKhGblbPbPbtDKwfpCv5A==", "name": "filesystem", "version": "3.8-6.el8", "kind": "binary", "source": { "id": "", "name": "filesystem", "version": "3.8-6.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "Gg1Q6hponuT1eSJHwaJ83w==": { "id": "Gg1Q6hponuT1eSJHwaJ83w==", "name": "libcap-ng", "version": "0.7.11-1.el8", "kind": "binary", "source": { "id": "", "name": "libcap-ng", "version": "0.7.11-1.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "HMIoZ/TKrKhxI1rD26qmpw==": { "id": "HMIoZ/TKrKhxI1rD26qmpw==", "name": "json-c", "version": "0.13.1-3.el8", "kind": "binary", "source": { "id": "", "name": "json-c", "version": "0.13.1-3.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "IzLcxZDtcvtJR5Gwdq9HDg==": { "id": "IzLcxZDtcvtJR5Gwdq9HDg==", "name": "libattr", "version": "2.4.48-3.el8", "kind": "binary", "source": { "id": "", "name": "attr", "version": "2.4.48-3.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "J34PJ2GThOWZuKVgFIoieA==": { "id": "J34PJ2GThOWZuKVgFIoieA==", "name": "zlib", "version": "1.2.11-25.el8", "kind": "binary", "source": { "id": "", "name": "zlib", "version": "1.2.11-25.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "JNDNKhJbFTSevs7EALfE9A==": { "id": "JNDNKhJbFTSevs7EALfE9A==", "name": "p11-kit", "version": "0.23.22-2.el8", "kind": "binary", "source": { "id": "", "name": "p11-kit", "version": "0.23.22-2.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "KYSXsdsObSOPb3/iOOdbDw==": { "id": "KYSXsdsObSOPb3/iOOdbDw==", "name": "nss-softokn-freebl", "version": "3.112.0-8.el8_10", "kind": "binary", "source": { "id": "", "name": "nss", "version": "3.112.0-8.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "LXiVkIlXLq/usMYIwCTH8Q==": { "id": "LXiVkIlXLq/usMYIwCTH8Q==", "name": "libsmartcols", "version": "2.32.1-48.el8_10", "kind": "binary", "source": { "id": "", "name": "util-linux", "version": "2.32.1-48.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "LkoLKEri5dIAb0vFMkSOag==": { "id": "LkoLKEri5dIAb0vFMkSOag==", "name": "glibc-common", "version": "2.28-251.el8_10.31", "kind": "binary", "source": { "id": "", "name": "glibc", "version": "2.28-251.el8_10.31", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "MA5xnJmwv4AJZhc2768UiA==": { "id": "MA5xnJmwv4AJZhc2768UiA==", "name": "libxml2", "version": "2.9.7-21.el8_10.4", "kind": "binary", "source": { "id": "", "name": "libxml2", "version": "2.9.7-21.el8_10.4", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "N1RbIRo2SyHosQefv+skDw==": { "id": "N1RbIRo2SyHosQefv+skDw==", "name": "gawk", "version": "4.2.1-4.el8", "kind": "binary", "source": { "id": "", "name": "gawk", "version": "4.2.1-4.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "N3ZaMrNJKoumMpaY0smlMQ==": { "id": "N3ZaMrNJKoumMpaY0smlMQ==", "name": "sqlite-libs", "version": "3.26.0-20.el8_10", "kind": "binary", "source": { "id": "", "name": "sqlite", "version": "3.26.0-20.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "N5EuVcX6TPHBo7OPtax5uA==": { "id": "N5EuVcX6TPHBo7OPtax5uA==", "name": "crypto-policies-scripts", "version": "20230731-1.git3177e06.el8", "kind": "binary", "source": { "id": "", "name": "crypto-policies", "version": "20230731-1.git3177e06.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "NJbhst8VIOwst++ZzRP6tA==": { "id": "NJbhst8VIOwst++ZzRP6tA==", "name": "libpeas", "version": "1.22.0-6.el8", "kind": "binary", "source": { "id": "", "name": "libpeas", "version": "1.22.0-6.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "NguWV8S6YQYvQsGQDJm2Rg==": { "id": "NguWV8S6YQYvQsGQDJm2Rg==", "name": "ncurses-base", "version": "6.1-10.20180224.el8", "kind": "binary", "source": { "id": "", "name": "ncurses", "version": "6.1-10.20180224.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "NsvPyDc//39XTuXcn3j2uQ==": { "id": "NsvPyDc//39XTuXcn3j2uQ==", "name": "gdbm", "version": "1:1.18-2.el8", "kind": "binary", "source": { "id": "", "name": "gdbm", "version": "1.18-2.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "ORsDK2A5479NPB0r01PoXQ==": { "id": "ORsDK2A5479NPB0r01PoXQ==", "name": "libcurl", "version": "7.61.1-34.el8_10.11", "kind": "binary", "source": { "id": "", "name": "curl", "version": "7.61.1-34.el8_10.11", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "P5Se4zJpr8ZUwZNUojfuzA==": { "id": "P5Se4zJpr8ZUwZNUojfuzA==", "name": "libxcrypt", "version": "4.1.1-6.el8", "kind": "binary", "source": { "id": "", "name": "libxcrypt", "version": "4.1.1-6.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "P5UTXxqhA6R98OWY7h85rQ==": { "id": "P5UTXxqhA6R98OWY7h85rQ==", "name": "libarchive", "version": "3.3.3-7.el8_10", "kind": "binary", "source": { "id": "", "name": "libarchive", "version": "3.3.3-7.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "PYGQE1Mr52aqIP4tEB4VSw==": { "id": "PYGQE1Mr52aqIP4tEB4VSw==", "name": "nss", "version": "3.112.0-8.el8_10", "kind": "binary", "source": { "id": "", "name": "nss", "version": "3.112.0-8.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "Q0uPb/t/3IQ8GEwlv/J3Cw==": { "id": "Q0uPb/t/3IQ8GEwlv/J3Cw==", "name": "libmount", "version": "2.32.1-48.el8_10", "kind": "binary", "source": { "id": "", "name": "util-linux", "version": "2.32.1-48.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "QC6e3OaV78mjs678tGU2KQ==": { "id": "QC6e3OaV78mjs678tGU2KQ==", "name": "libssh", "version": "0.9.6-16.el8_10", "kind": "binary", "source": { "id": "", "name": "libssh", "version": "0.9.6-16.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "QXEDMSZisv5SUXtJo7Fs5g==": { "id": "QXEDMSZisv5SUXtJo7Fs5g==", "name": "gpgme", "version": "1.13.1-12.el8", "kind": "binary", "source": { "id": "", "name": "gpgme", "version": "1.13.1-12.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "RKXYZTbYgViwzC05uqeDSg==": { "id": "RKXYZTbYgViwzC05uqeDSg==", "name": "io.github.stuartwdouglas.hacbs-test.simple:simple-jdk17", "version": "0.1.2", "kind": "binary", "source": { "id": "", "name": "", "version": "", "normalized_version": "", "cpe": "" }, "normalized_version": "", "cpe": "" }, "RRWuvyUdhwGbBo2a/Ra1hw==": { "id": "RRWuvyUdhwGbBo2a/Ra1hw==", "name": "libselinux", "version": "2.9-11.el8_10", "kind": "binary", "source": { "id": "", "name": "libselinux", "version": "2.9-11.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "RtrzwDgrQgu9S5B72s2sww==": { "id": "RtrzwDgrQgu9S5B72s2sww==", "name": "libunistring", "version": "0.9.9-3.el8", "kind": "binary", "source": { "id": "", "name": "libunistring", "version": "0.9.9-3.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "TARQvmsLVC/S1fQD1jO4Xw==": { "id": "TARQvmsLVC/S1fQD1jO4Xw==", "name": "gdbm-libs", "version": "1:1.18-2.el8", "kind": "binary", "source": { "id": "", "name": "gdbm", "version": "1.18-2.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "U3ZkYu9FoEzQITrVBlQtLA==": { "id": "U3ZkYu9FoEzQITrVBlQtLA==", "name": "glibc", "version": "2.28-251.el8_10.31", "kind": "binary", "source": { "id": "", "name": "glibc", "version": "2.28-251.el8_10.31", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "USWNn71p+k059dbiu5HDEA==": { "id": "USWNn71p+k059dbiu5HDEA==", "name": "libassuan", "version": "2.5.1-3.el8", "kind": "binary", "source": { "id": "", "name": "libassuan", "version": "2.5.1-3.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "UUZyda9G/ffvF6rJ5W1UnQ==": { "id": "UUZyda9G/ffvF6rJ5W1UnQ==", "name": "libstdc++", "version": "8.5.0-28.el8_10", "kind": "binary", "source": { "id": "", "name": "gcc", "version": "8.5.0-28.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "Vax934M9zGbzjdT3Y/XU9w==": { "id": "Vax934M9zGbzjdT3Y/XU9w==", "name": "glibc-minimal-langpack", "version": "2.28-251.el8_10.31", "kind": "binary", "source": { "id": "", "name": "glibc", "version": "2.28-251.el8_10.31", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "VrCmPwuY69qW5jl9ctxOZg==": { "id": "VrCmPwuY69qW5jl9ctxOZg==", "name": "libtirpc", "version": "1.1.4-12.el8_10", "kind": "binary", "source": { "id": "", "name": "libtirpc", "version": "1.1.4-12.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "W66WOQ3v6r7mSn6+o7gaew==": { "id": "W66WOQ3v6r7mSn6+o7gaew==", "name": "popt", "version": "1.18-1.el8", "kind": "binary", "source": { "id": "", "name": "popt", "version": "1.18-1.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "YjDcGmvP0/z8VqRiUvkhOQ==": { "id": "YjDcGmvP0/z8VqRiUvkhOQ==", "name": "gnupg2", "version": "2.2.20-4.el8_10", "kind": "binary", "source": { "id": "", "name": "gnupg2", "version": "2.2.20-4.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "Za0y7YiKRidyIBZNIzq/Ng==": { "id": "Za0y7YiKRidyIBZNIzq/Ng==", "name": "librepo", "version": "1.14.2-5.el8", "kind": "binary", "source": { "id": "", "name": "librepo", "version": "1.14.2-5.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "ar0do80Wlk1FaVvtx66g6Q==": { "id": "ar0do80Wlk1FaVvtx66g6Q==", "name": "brotli", "version": "1.0.6-4.el8_10", "kind": "binary", "source": { "id": "", "name": "brotli", "version": "1.0.6-4.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "auI8KtI6OozP7EAIr9UlQQ==": { "id": "auI8KtI6OozP7EAIr9UlQQ==", "name": "pcre2", "version": "10.32-3.el8_6", "kind": "binary", "source": { "id": "", "name": "pcre2", "version": "10.32-3.el8_6", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "bWUdPEYmtshwdmuX5VapfQ==": { "id": "bWUdPEYmtshwdmuX5VapfQ==", "name": "libblkid", "version": "2.32.1-48.el8_10", "kind": "binary", "source": { "id": "", "name": "util-linux", "version": "2.32.1-48.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "bmxL3lydQy0yU8g1iBgovg==": { "id": "bmxL3lydQy0yU8g1iBgovg==", "name": "libsepol", "version": "2.9-3.el8", "kind": "binary", "source": { "id": "", "name": "libsepol", "version": "2.9-3.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "cXCMP7NdkMDf1+Rb1IEktQ==": { "id": "cXCMP7NdkMDf1+Rb1IEktQ==", "name": "libsemanage", "version": "2.9-12.el8_10", "kind": "binary", "source": { "id": "", "name": "libsemanage", "version": "2.9-12.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "dOBT1Qffq44NOVuk9chDyg==": { "id": "dOBT1Qffq44NOVuk9chDyg==", "name": "readline", "version": "7.0-10.el8", "kind": "binary", "source": { "id": "", "name": "readline", "version": "7.0-10.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "dOwQwVL1NxmF6ouACZklrQ==": { "id": "dOwQwVL1NxmF6ouACZklrQ==", "name": "p11-kit-trust", "version": "0.23.22-2.el8", "kind": "binary", "source": { "id": "", "name": "p11-kit", "version": "0.23.22-2.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "dSjxsaDISLUiFwRTCSO8Tg==": { "id": "dSjxsaDISLUiFwRTCSO8Tg==", "name": "crypto-policies", "version": "20230731-1.git3177e06.el8", "kind": "binary", "source": { "id": "", "name": "crypto-policies", "version": "20230731-1.git3177e06.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "dtGaxafuhIU1Ppty914fJw==": { "id": "dtGaxafuhIU1Ppty914fJw==", "name": "nspr", "version": "4.36.0-2.el8_10", "kind": "binary", "source": { "id": "", "name": "nspr", "version": "4.36.0-2.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "eZ7CwFvwDCQu4vzKyuIZgA==": { "id": "eZ7CwFvwDCQu4vzKyuIZgA==", "name": "basesystem", "version": "11-5.el8", "kind": "binary", "source": { "id": "", "name": "basesystem", "version": "11-5.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "f/Al/eNlUhjEgKSV0J2z7w==": { "id": "f/Al/eNlUhjEgKSV0J2z7w==", "name": "python3-pip-wheel", "version": "9.0.3-24.el8", "kind": "binary", "source": { "id": "", "name": "python-pip", "version": "9.0.3-24.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "f1lteJj1IxLDbDb+BI8yjg==": { "id": "f1lteJj1IxLDbDb+BI8yjg==", "name": "ca-certificates", "version": "2025.2.80_v9.0.304-80.2.el8_10", "kind": "binary", "source": { "id": "", "name": "ca-certificates", "version": "2025.2.80_v9.0.304-80.2.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "g146nKetkX1f4hfH1b5RWA==": { "id": "g146nKetkX1f4hfH1b5RWA==", "name": "libdb", "version": "5.3.28-42.el8_4", "kind": "binary", "source": { "id": "", "name": "libdb", "version": "5.3.28-42.el8_4", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "gMqsUnRclTj6iuxHCslNRA==": { "id": "gMqsUnRclTj6iuxHCslNRA==", "name": "libdnf", "version": "0.63.0-21.el8_10", "kind": "binary", "source": { "id": "", "name": "libdnf", "version": "0.63.0-21.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "gOaN4treTmKK7tU+N6AZ1w==": { "id": "gOaN4treTmKK7tU+N6AZ1w==", "name": "pcre", "version": "8.42-6.el8", "kind": "binary", "source": { "id": "", "name": "pcre", "version": "8.42-6.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "gtbMsmX05ZWh+bkM1Wprlw==": { "id": "gtbMsmX05ZWh+bkM1Wprlw==", "name": "bash", "version": "4.4.20-6.el8_10", "kind": "binary", "source": { "id": "", "name": "bash", "version": "4.4.20-6.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "h53SWWmMQUh4cLyBmYeNvw==": { "id": "h53SWWmMQUh4cLyBmYeNvw==", "name": "avahi-libs", "version": "0.7-27.el8_10.1", "kind": "binary", "source": { "id": "", "name": "avahi", "version": "0.7-27.el8_10.1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "hSTTMcRX1DBcXc+8jKeg3Q==": { "id": "hSTTMcRX1DBcXc+8jKeg3Q==", "name": "libgcc", "version": "8.5.0-28.el8_10", "kind": "binary", "source": { "id": "", "name": "gcc", "version": "8.5.0-28.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "hcJqCsCpWm+XI9JT6ImS5g==": { "id": "hcJqCsCpWm+XI9JT6ImS5g==", "name": "nettle", "version": "3.4.1-7.el8", "kind": "binary", "source": { "id": "", "name": "nettle", "version": "3.4.1-7.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "iKjky3d+XDnwdlXfvLvp/A==": { "id": "iKjky3d+XDnwdlXfvLvp/A==", "name": "python3-libs", "version": "3.6.8-76.el8_10", "kind": "binary", "source": { "id": "", "name": "python3", "version": "3.6.8-76.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "isPl2YxnCTfcLmUYH6Q0sA==": { "id": "isPl2YxnCTfcLmUYH6Q0sA==", "name": "libuuid", "version": "2.32.1-48.el8_10", "kind": "binary", "source": { "id": "", "name": "util-linux", "version": "2.32.1-48.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "j5YRt82iOHry4ndSyCLgaA==": { "id": "j5YRt82iOHry4ndSyCLgaA==", "name": "cups-libs", "version": "1:2.2.6-67.el8_10", "kind": "binary", "source": { "id": "", "name": "cups", "version": "2.2.6-67.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "jmNxyfDM4IV/F4mrfNTfyg==": { "id": "jmNxyfDM4IV/F4mrfNTfyg==", "name": "setup", "version": "2.12.2-9.el8", "kind": "binary", "source": { "id": "", "name": "setup", "version": "2.12.2-9.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "jtdCxL/eH5JTPcKstKunJg==": { "id": "jtdCxL/eH5JTPcKstKunJg==", "name": "grep", "version": "3.1-6.el8", "kind": "binary", "source": { "id": "", "name": "grep", "version": "3.1-6.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "k/BpvWmZ5EVfmiPqpZ3pGw==": { "id": "k/BpvWmZ5EVfmiPqpZ3pGw==", "name": "expat", "version": "2.5.0-1.el8_10", "kind": "binary", "source": { "id": "", "name": "expat", "version": "2.5.0-1.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "k4gCNgIfg7MM/e42ThRx2w==": { "id": "k4gCNgIfg7MM/e42ThRx2w==", "name": "libzstd", "version": "1.4.4-1.el8", "kind": "binary", "source": { "id": "", "name": "zstd", "version": "1.4.4-1.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "kup9SZcgg13wnbXIW3GyJA==": { "id": "kup9SZcgg13wnbXIW3GyJA==", "name": "openjdk-17-runtime-ubi8-container", "version": "1.23-4.1777859697", "kind": "source", "source": { "id": "", "name": "", "version": "", "normalized_version": "", "cpe": "" }, "normalized_version": "rhctag:1.23.0.0.0.0.0.0.0.0", "arch": "x86_64", "cpe": "" }, "kwc9NYOQig+qWs5qmBRL/w==": { "id": "kwc9NYOQig+qWs5qmBRL/w==", "name": "ncurses-libs", "version": "6.1-10.20180224.el8", "kind": "binary", "source": { "id": "", "name": "ncurses", "version": "6.1-10.20180224.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "lEFbOzBTlWwCqC/ZbjJfgQ==": { "id": "lEFbOzBTlWwCqC/ZbjJfgQ==", "name": "python3-setuptools-wheel", "version": "39.2.0-9.el8_10", "kind": "binary", "source": { "id": "", "name": "python-setuptools", "version": "39.2.0-9.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "lU0MYRg2dg5wynl2dMGsgA==": { "id": "lU0MYRg2dg5wynl2dMGsgA==", "name": "xz-libs", "version": "5.2.4-4.el8_6", "kind": "binary", "source": { "id": "", "name": "xz", "version": "5.2.4-4.el8_6", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "mAmp7BtGrfzV0HnAKw9sTw==": { "id": "mAmp7BtGrfzV0HnAKw9sTw==", "name": "libsigsegv", "version": "2.11-5.el8", "kind": "binary", "source": { "id": "", "name": "libsigsegv", "version": "2.11-5.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "mLwCNKs2wEtLWAiibtR4BQ==": { "id": "mLwCNKs2wEtLWAiibtR4BQ==", "name": "microdnf", "version": "3.8.0-2.el8", "kind": "binary", "source": { "id": "", "name": "microdnf", "version": "3.8.0-2.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "mkpeQMTn6iNiF+ShBe+oZg==": { "id": "mkpeQMTn6iNiF+ShBe+oZg==", "name": "libverto", "version": "0.3.2-2.el8", "kind": "binary", "source": { "id": "", "name": "libverto", "version": "0.3.2-2.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "mtrWxjnWyzrIFOuHVeUG6g==": { "id": "mtrWxjnWyzrIFOuHVeUG6g==", "name": "tar", "version": "2:1.30-11.el8_10", "kind": "binary", "source": { "id": "", "name": "tar", "version": "1.30-11.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "nDtLoMnkuhspYDn7NZEcjw==": { "id": "nDtLoMnkuhspYDn7NZEcjw==", "name": "findutils", "version": "1:4.6.0-24.el8_10", "kind": "binary", "source": { "id": "", "name": "findutils", "version": "4.6.0-24.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "o4v1nyEgxKUJdf78CSzLEg==": { "id": "o4v1nyEgxKUJdf78CSzLEg==", "name": "libgpg-error", "version": "1.31-1.el8", "kind": "binary", "source": { "id": "", "name": "libgpg-error", "version": "1.31-1.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "oPxhGBL0xk+N4XwwxvflAQ==": { "id": "oPxhGBL0xk+N4XwwxvflAQ==", "name": "redhat-release", "version": "8.10-0.3.el8", "kind": "binary", "source": { "id": "", "name": "redhat-release", "version": "8.10-0.3.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "oSDtB9GflLljTYeOAikyIQ==": { "id": "oSDtB9GflLljTYeOAikyIQ==", "name": "glib2", "version": "2.56.4-168.el8_10", "kind": "binary", "source": { "id": "", "name": "glib2", "version": "2.56.4-168.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "oUYls//IDfQ4QSLGKlUoZg==": { "id": "oUYls//IDfQ4QSLGKlUoZg==", "name": "systemd-libs", "version": "239-82.el8_10.16", "kind": "binary", "source": { "id": "", "name": "systemd", "version": "239-82.el8_10.16", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "p9tXHgTBVU/b3sTnwfubzg==": { "id": "p9tXHgTBVU/b3sTnwfubzg==", "name": "libdb-utils", "version": "5.3.28-42.el8_4", "kind": "binary", "source": { "id": "", "name": "libdb", "version": "5.3.28-42.el8_4", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "pY2NT/GP1UxyOuAl2rKgCw==": { "id": "pY2NT/GP1UxyOuAl2rKgCw==", "name": "npth", "version": "1.5-4.el8", "kind": "binary", "source": { "id": "", "name": "npth", "version": "1.5-4.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "peUaHHW4E9Y6Nd8+gJR5cQ==": { "id": "peUaHHW4E9Y6Nd8+gJR5cQ==", "name": "libssh-config", "version": "0.9.6-16.el8_10", "kind": "binary", "source": { "id": "", "name": "libssh", "version": "0.9.6-16.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "pp9zZ0tBoevZ/s15eFRL8g==": { "id": "pp9zZ0tBoevZ/s15eFRL8g==", "name": "libacl", "version": "2.2.53-3.el8", "kind": "binary", "source": { "id": "", "name": "acl", "version": "2.2.53-3.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "q4X/5GGPJSNoqWY61ewdVA==": { "id": "q4X/5GGPJSNoqWY61ewdVA==", "name": "tzdata-java", "version": "2026a-1.el8", "kind": "binary", "source": { "id": "", "name": "tzdata", "version": "2026a-1.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "qdszmGofYYLyezIthPq1jw==": { "id": "qdszmGofYYLyezIthPq1jw==", "name": "ubi8/openjdk-17-runtime", "version": "1.23-4.1777859697", "kind": "binary", "source": { "id": "kup9SZcgg13wnbXIW3GyJA==", "name": "openjdk-17-runtime-ubi8-container", "version": "1.23-4.1777859697", "kind": "source", "source": { "id": "", "name": "", "version": "", "normalized_version": "", "cpe": "" }, "normalized_version": "rhctag:1.23.0.0.0.0.0.0.0.0", "arch": "x86_64", "cpe": "" }, "normalized_version": "rhctag:1.23.0.0.0.0.0.0.0.0", "arch": "x86_64", "cpe": "" }, "r23nOnTJvuvXzj0P21ldlw==": { "id": "r23nOnTJvuvXzj0P21ldlw==", "name": "rpm-libs", "version": "4.14.3-32.el8_10", "kind": "binary", "source": { "id": "", "name": "rpm", "version": "4.14.3-32.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "rFsA2fU/SFo3JGOkxRURTQ==": { "id": "rFsA2fU/SFo3JGOkxRURTQ==", "name": "keyutils-libs", "version": "1.5.10-9.el8", "kind": "binary", "source": { "id": "", "name": "keyutils", "version": "1.5.10-9.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "sMrsZHOrW8FfprPHZo6Jww==": { "id": "sMrsZHOrW8FfprPHZo6Jww==", "name": "libmodulemd", "version": "2.13.0-1.el8", "kind": "binary", "source": { "id": "", "name": "libmodulemd", "version": "2.13.0-1.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "sUhkiUesE2DHTU1IF7t+tw==": { "id": "sUhkiUesE2DHTU1IF7t+tw==", "name": "platform-python-setuptools", "version": "39.2.0-9.el8_10", "kind": "binary", "source": { "id": "", "name": "python-setuptools", "version": "39.2.0-9.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "trIX86+UkjuJsaeYfHvnYw==": { "id": "trIX86+UkjuJsaeYfHvnYw==", "name": "libnghttp2", "version": "1.33.0-6.el8_10.2", "kind": "binary", "source": { "id": "", "name": "nghttp2", "version": "1.33.0-6.el8_10.2", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "u25cfo+Wn6RpzVY/kgcoGQ==": { "id": "u25cfo+Wn6RpzVY/kgcoGQ==", "name": "lksctp-tools", "version": "1.0.18-3.el8", "kind": "binary", "source": { "id": "", "name": "lksctp-tools", "version": "1.0.18-3.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "uAJuv5cA4XPhcDfjrdFI9w==": { "id": "uAJuv5cA4XPhcDfjrdFI9w==", "name": "javapackages-filesystem", "version": "5.3.0-1.module+el8+2447+6f56d9a6", "kind": "binary", "source": { "id": "", "name": "javapackages-tools", "version": "5.3.0-1.module+el8+2447+6f56d9a6", "kind": "source", "normalized_version": "", "module": "javapackages-runtime:201801", "cpe": "" }, "normalized_version": "", "module": "javapackages-runtime:201801", "arch": "noarch", "cpe": "" }, "uCw7c1p0VzVV36rFL2/j4Q==": { "id": "uCw7c1p0VzVV36rFL2/j4Q==", "name": "bzip2-libs", "version": "1.0.6-28.el8_10", "kind": "binary", "source": { "id": "", "name": "bzip2", "version": "1.0.6-28.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "v/KoDsdxOHqLHd7du8yyWQ==": { "id": "v/KoDsdxOHqLHd7du8yyWQ==", "name": "lua-libs", "version": "5.3.4-12.el8", "kind": "binary", "source": { "id": "", "name": "lua", "version": "5.3.4-12.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "wQNSAAyfpn1pixah4j5PmA==": { "id": "wQNSAAyfpn1pixah4j5PmA==", "name": "platform-python", "version": "3.6.8-76.el8_10", "kind": "binary", "source": { "id": "", "name": "python3", "version": "3.6.8-76.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "wQToP4WURQ4/A8LQU1k5kA==": { "id": "wQToP4WURQ4/A8LQU1k5kA==", "name": "langpacks-en", "version": "1.0-12.el8", "kind": "binary", "source": { "id": "", "name": "langpacks", "version": "1.0-12.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "wiX2z3C4urSDsP+bIajgNg==": { "id": "wiX2z3C4urSDsP+bIajgNg==", "name": "io.github.stuartwdouglas.hacbs-test.shaded:shaded-jdk11", "version": "1.9", "kind": "binary", "source": { "id": "", "name": "", "version": "", "normalized_version": "", "cpe": "" }, "normalized_version": "", "cpe": "" }, "wpJmhjYJz5TYuh0mbRPs4Q==": { "id": "wpJmhjYJz5TYuh0mbRPs4Q==", "name": "info", "version": "6.5-7.el8", "kind": "binary", "source": { "id": "", "name": "texinfo", "version": "6.5-7.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "xDLbw0lNdZ2pSj9R8k9t6A==": { "id": "xDLbw0lNdZ2pSj9R8k9t6A==", "name": "copy-jdk-configs", "version": "4.0-2.el8", "kind": "binary", "source": { "id": "", "name": "copy-jdk-configs", "version": "4.0-2.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "xTF9l16G3x26txeCsO9Bug==": { "id": "xTF9l16G3x26txeCsO9Bug==", "name": "json-glib", "version": "1.4.4-1.el8", "kind": "binary", "source": { "id": "", "name": "json-glib", "version": "1.4.4-1.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "xY/gcEds28iVWCynxOCw9g==": { "id": "xY/gcEds28iVWCynxOCw9g==", "name": "libcom_err", "version": "1.45.6-7.el8_10", "kind": "binary", "source": { "id": "", "name": "e2fsprogs", "version": "1.45.6-7.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "xvIYCTeML23osZxD1kFItQ==": { "id": "xvIYCTeML23osZxD1kFItQ==", "name": "lua", "version": "5.3.4-12.el8", "kind": "binary", "source": { "id": "", "name": "lua", "version": "5.3.4-12.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "zAReYdYoHUkp8wr8i3SW2g==": { "id": "zAReYdYoHUkp8wr8i3SW2g==", "name": "libffi", "version": "3.1-24.el8", "kind": "binary", "source": { "id": "", "name": "libffi", "version": "3.1-24.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "zdqdBY2jg/Zs374g8Ylc6g==": { "id": "zdqdBY2jg/Zs374g8Ylc6g==", "name": "libcap", "version": "2.48-6.el8_10.1", "kind": "binary", "source": { "id": "", "name": "libcap", "version": "2.48-6.el8_10.1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" } }, "distributions": { "06cdb01a-ba5e-4eee-8903-f568c896f996": { "id": "06cdb01a-ba5e-4eee-8903-f568c896f996", "did": "rhel", "name": "Red Hat Enterprise Linux Server", "version": "8", "version_code_name": "", "version_id": "8", "arch": "", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "pretty_name": "Red Hat Enterprise Linux Server 8" } }, "repository": { "3618dc20-e117-4555-a973-3a8c5f288459": { "id": "3618dc20-e117-4555-a973-3a8c5f288459", "name": "maven", "uri": "https://repo1.maven.apache.org/maven2", "cpe": "" }, "43792c6b-6709-4491-a006-91b78e712b1e": { "id": "43792c6b-6709-4491-a006-91b78e712b1e", "name": "cpe:/o:redhat:enterprise_linux:8::baseos", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*" }, "4818abd9-6bbe-47c9-ab37-e0eab3e5e99c": { "id": "4818abd9-6bbe-47c9-ab37-e0eab3e5e99c", "name": "cpe:/a:redhat:enterprise_linux:8::appstream", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*" }, "4edff5e1-1bcf-4f7f-8a1c-cec47bd50e41": { "id": "4edff5e1-1bcf-4f7f-8a1c-cec47bd50e41", "name": "cpe:/a:redhat:enterprise_linux:8::appstream", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*" }, "a2fb4033-7cf8-400f-8560-a17537d15fc7": { "id": "a2fb4033-7cf8-400f-8560-a17537d15fc7", "name": "cpe:/o:redhat:enterprise_linux:8::baseos", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*" }, "cdb91037-e783-4b33-aa62-4670d4cf06b4": { "id": "cdb91037-e783-4b33-aa62-4670d4cf06b4", "name": "Red Hat Container Catalog", "uri": "https://catalog.redhat.com/software/containers/explore", "cpe": "" } }, "environments": { "+XM+s3niWaEk1U5jnR5DpA==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "06cdb01a-ba5e-4eee-8903-f568c896f996", "repository_ids": [ "4edff5e1-1bcf-4f7f-8a1c-cec47bd50e41", "43792c6b-6709-4491-a006-91b78e712b1e" ] } ], "+Xr7HyTxXf0c8jLaUyo3xA==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "06cdb01a-ba5e-4eee-8903-f568c896f996", "repository_ids": [ "4edff5e1-1bcf-4f7f-8a1c-cec47bd50e41", "43792c6b-6709-4491-a006-91b78e712b1e" ] } ], "+hvIC0Et/RtHi7EAFCmfEw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "06cdb01a-ba5e-4eee-8903-f568c896f996", "repository_ids": [ "4edff5e1-1bcf-4f7f-8a1c-cec47bd50e41", "43792c6b-6709-4491-a006-91b78e712b1e" ] } ], "+qrxjVH7Im8eBfrz4h4P/w==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:8dbc54dd3ba8deb60962e0faf1bcd1d23c09867cffbce92e091a1094578f09fc", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:8dbc54dd3ba8deb60962e0faf1bcd1d23c09867cffbce92e091a1094578f09fc", "distribution_id": "06cdb01a-ba5e-4eee-8903-f568c896f996", "repository_ids": [ "a2fb4033-7cf8-400f-8560-a17537d15fc7", "4818abd9-6bbe-47c9-ab37-e0eab3e5e99c" ] } ], "1gormAsAjMuks2JveQRd0Q==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "06cdb01a-ba5e-4eee-8903-f568c896f996", "repository_ids": [ "4edff5e1-1bcf-4f7f-8a1c-cec47bd50e41", "43792c6b-6709-4491-a006-91b78e712b1e" ] } ], "22yBCZl99yVP86UHT7jTdw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "06cdb01a-ba5e-4eee-8903-f568c896f996", "repository_ids": [ "4edff5e1-1bcf-4f7f-8a1c-cec47bd50e41", "43792c6b-6709-4491-a006-91b78e712b1e" ] } ], "2gKctomQ2vBMxlyAOjcc7g==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "06cdb01a-ba5e-4eee-8903-f568c896f996", "repository_ids": [ "4edff5e1-1bcf-4f7f-8a1c-cec47bd50e41", "43792c6b-6709-4491-a006-91b78e712b1e" ] } ], "3+d+oaGDGj9g2+1RFZjY5A==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "06cdb01a-ba5e-4eee-8903-f568c896f996", "repository_ids": [ "4edff5e1-1bcf-4f7f-8a1c-cec47bd50e41", "43792c6b-6709-4491-a006-91b78e712b1e" ] } ], "3OVNevSm98h4f1fmX4IZwQ==": [ { "package_db": "maven:deployments/hacbs-test.jar", "introduced_in": "sha256:7fd7ba7574102290c12ac54532b00a6ebd3ed12f9e35a17a34035987b0ac5993", "distribution_id": "", "repository_ids": [ "3618dc20-e117-4555-a973-3a8c5f288459" ] } ], "3jI2apoRMNGhHa141Q5dlQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "06cdb01a-ba5e-4eee-8903-f568c896f996", "repository_ids": [ "4edff5e1-1bcf-4f7f-8a1c-cec47bd50e41", "43792c6b-6709-4491-a006-91b78e712b1e" ] } ], "3uSX4NgBxQvC8LEk48QoOQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "06cdb01a-ba5e-4eee-8903-f568c896f996", "repository_ids": [ "4edff5e1-1bcf-4f7f-8a1c-cec47bd50e41", "43792c6b-6709-4491-a006-91b78e712b1e" ] } ], "45rvgYmy022Tx6fVWfking==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "06cdb01a-ba5e-4eee-8903-f568c896f996", "repository_ids": [ "4edff5e1-1bcf-4f7f-8a1c-cec47bd50e41", "43792c6b-6709-4491-a006-91b78e712b1e" ] } ], "47OMpR7yEmE4lttsyWq3fw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "06cdb01a-ba5e-4eee-8903-f568c896f996", "repository_ids": [ "4edff5e1-1bcf-4f7f-8a1c-cec47bd50e41", "43792c6b-6709-4491-a006-91b78e712b1e" ] } ], "4ZgMXaHDWnwPnqKlcJzEIw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "06cdb01a-ba5e-4eee-8903-f568c896f996", "repository_ids": [ "4edff5e1-1bcf-4f7f-8a1c-cec47bd50e41", "43792c6b-6709-4491-a006-91b78e712b1e" ] } ], "4flTdmUV4iK1Ax+LXJm8qQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "06cdb01a-ba5e-4eee-8903-f568c896f996", "repository_ids": [ "4edff5e1-1bcf-4f7f-8a1c-cec47bd50e41", "43792c6b-6709-4491-a006-91b78e712b1e" ] } ], "4mBaAtvqw4Xnt3KyHa6xnQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:8dbc54dd3ba8deb60962e0faf1bcd1d23c09867cffbce92e091a1094578f09fc", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:8dbc54dd3ba8deb60962e0faf1bcd1d23c09867cffbce92e091a1094578f09fc", "distribution_id": "06cdb01a-ba5e-4eee-8903-f568c896f996", "repository_ids": [ "a2fb4033-7cf8-400f-8560-a17537d15fc7", "4818abd9-6bbe-47c9-ab37-e0eab3e5e99c" ] } ], "4sG4bBloak5Sz907ZDRs6Q==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:8dbc54dd3ba8deb60962e0faf1bcd1d23c09867cffbce92e091a1094578f09fc", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:8dbc54dd3ba8deb60962e0faf1bcd1d23c09867cffbce92e091a1094578f09fc", "distribution_id": "06cdb01a-ba5e-4eee-8903-f568c896f996", "repository_ids": [ "a2fb4033-7cf8-400f-8560-a17537d15fc7", "4818abd9-6bbe-47c9-ab37-e0eab3e5e99c" ] } ], "5U8sNbKx0xZsaHcVt4MmxA==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "06cdb01a-ba5e-4eee-8903-f568c896f996", "repository_ids": [ "4edff5e1-1bcf-4f7f-8a1c-cec47bd50e41", "43792c6b-6709-4491-a006-91b78e712b1e" ] } ], "67DLnC895xbDFuD3MGhCtQ==": [ { "package_db": "maven:deployments/hacbs-test.jar", "introduced_in": "sha256:7fd7ba7574102290c12ac54532b00a6ebd3ed12f9e35a17a34035987b0ac5993", "distribution_id": "", "repository_ids": [ "3618dc20-e117-4555-a973-3a8c5f288459" ] } ], "7eg89eCgA75bJ7WhhN/T4Q==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "06cdb01a-ba5e-4eee-8903-f568c896f996", "repository_ids": [ "4edff5e1-1bcf-4f7f-8a1c-cec47bd50e41", "43792c6b-6709-4491-a006-91b78e712b1e" ] } ], "9uhqFNTCJ7/bpzSlc7qCaQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "06cdb01a-ba5e-4eee-8903-f568c896f996", "repository_ids": [ "4edff5e1-1bcf-4f7f-8a1c-cec47bd50e41", "43792c6b-6709-4491-a006-91b78e712b1e" ] } ], "ACY3djwkey7ZIXbd0V+Giw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:8dbc54dd3ba8deb60962e0faf1bcd1d23c09867cffbce92e091a1094578f09fc", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:8dbc54dd3ba8deb60962e0faf1bcd1d23c09867cffbce92e091a1094578f09fc", "distribution_id": "06cdb01a-ba5e-4eee-8903-f568c896f996", "repository_ids": [ "a2fb4033-7cf8-400f-8560-a17537d15fc7", "4818abd9-6bbe-47c9-ab37-e0eab3e5e99c" ] } ], "AIs6pmCup5N9+6Ag6e2/og==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "06cdb01a-ba5e-4eee-8903-f568c896f996", "repository_ids": [ "4edff5e1-1bcf-4f7f-8a1c-cec47bd50e41", "43792c6b-6709-4491-a006-91b78e712b1e" ] } ], "AuC6XQzcU/5tB4luIfjLFg==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "06cdb01a-ba5e-4eee-8903-f568c896f996", "repository_ids": [ "4edff5e1-1bcf-4f7f-8a1c-cec47bd50e41", "43792c6b-6709-4491-a006-91b78e712b1e" ] } ], "AziZ1oGI+oDXVPzldKNj+w==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "06cdb01a-ba5e-4eee-8903-f568c896f996", "repository_ids": [ "4edff5e1-1bcf-4f7f-8a1c-cec47bd50e41", "43792c6b-6709-4491-a006-91b78e712b1e" ] } ], "BPsD0kkdIoK3KQUZ5DpJjw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:8dbc54dd3ba8deb60962e0faf1bcd1d23c09867cffbce92e091a1094578f09fc", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:8dbc54dd3ba8deb60962e0faf1bcd1d23c09867cffbce92e091a1094578f09fc", "distribution_id": "06cdb01a-ba5e-4eee-8903-f568c896f996", "repository_ids": [ "a2fb4033-7cf8-400f-8560-a17537d15fc7", "4818abd9-6bbe-47c9-ab37-e0eab3e5e99c" ] } ], "BmK1zIjr5KsuOODCYwxRCw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "06cdb01a-ba5e-4eee-8903-f568c896f996", "repository_ids": [ "4edff5e1-1bcf-4f7f-8a1c-cec47bd50e41", "43792c6b-6709-4491-a006-91b78e712b1e" ] } ], "CP6fmHsRon29d9dGmAC8yQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:8dbc54dd3ba8deb60962e0faf1bcd1d23c09867cffbce92e091a1094578f09fc", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:8dbc54dd3ba8deb60962e0faf1bcd1d23c09867cffbce92e091a1094578f09fc", "distribution_id": "06cdb01a-ba5e-4eee-8903-f568c896f996", "repository_ids": [ "a2fb4033-7cf8-400f-8560-a17537d15fc7", "4818abd9-6bbe-47c9-ab37-e0eab3e5e99c" ] } ], "CbqHQON08ZsUvPS9XDaTFA==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "06cdb01a-ba5e-4eee-8903-f568c896f996", "repository_ids": [ "4edff5e1-1bcf-4f7f-8a1c-cec47bd50e41", "43792c6b-6709-4491-a006-91b78e712b1e" ] } ], "Cklbj7Y2kf3vqxqc0m1GHQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "06cdb01a-ba5e-4eee-8903-f568c896f996", "repository_ids": [ "4edff5e1-1bcf-4f7f-8a1c-cec47bd50e41", "43792c6b-6709-4491-a006-91b78e712b1e" ] } ], "D/ASdBsgxLNlG5Q8U7UPsQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "06cdb01a-ba5e-4eee-8903-f568c896f996", "repository_ids": [ "4edff5e1-1bcf-4f7f-8a1c-cec47bd50e41", "43792c6b-6709-4491-a006-91b78e712b1e" ] } ], "D9iJYSwBt2n6JCuuNo2fKg==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "06cdb01a-ba5e-4eee-8903-f568c896f996", "repository_ids": [ "4edff5e1-1bcf-4f7f-8a1c-cec47bd50e41", "43792c6b-6709-4491-a006-91b78e712b1e" ] } ], "DV119Dw0W4RdsbJkdoHU9w==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "06cdb01a-ba5e-4eee-8903-f568c896f996", "repository_ids": [ "4edff5e1-1bcf-4f7f-8a1c-cec47bd50e41", "43792c6b-6709-4491-a006-91b78e712b1e" ] } ], "DgyhtZBcSIlVmY6xC8s1mA==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "06cdb01a-ba5e-4eee-8903-f568c896f996", "repository_ids": [ "4edff5e1-1bcf-4f7f-8a1c-cec47bd50e41", "43792c6b-6709-4491-a006-91b78e712b1e" ] } ], "Dmgfuk4/ZGW2Pjrf3pzOwg==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:8dbc54dd3ba8deb60962e0faf1bcd1d23c09867cffbce92e091a1094578f09fc", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:8dbc54dd3ba8deb60962e0faf1bcd1d23c09867cffbce92e091a1094578f09fc", "distribution_id": "06cdb01a-ba5e-4eee-8903-f568c896f996", "repository_ids": [ "a2fb4033-7cf8-400f-8560-a17537d15fc7", "4818abd9-6bbe-47c9-ab37-e0eab3e5e99c" ] } ], "EiNiLT8ulizCzEWcybhizQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "06cdb01a-ba5e-4eee-8903-f568c896f996", "repository_ids": [ "4edff5e1-1bcf-4f7f-8a1c-cec47bd50e41", "43792c6b-6709-4491-a006-91b78e712b1e" ] } ], "F7AOP7tK5AfUXV1g9iTzFA==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "06cdb01a-ba5e-4eee-8903-f568c896f996", "repository_ids": [ "4edff5e1-1bcf-4f7f-8a1c-cec47bd50e41", "43792c6b-6709-4491-a006-91b78e712b1e" ] } ], "FS5/DAbDsXWURU9onlACPA==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:8dbc54dd3ba8deb60962e0faf1bcd1d23c09867cffbce92e091a1094578f09fc", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:8dbc54dd3ba8deb60962e0faf1bcd1d23c09867cffbce92e091a1094578f09fc", "distribution_id": "06cdb01a-ba5e-4eee-8903-f568c896f996", "repository_ids": [ "a2fb4033-7cf8-400f-8560-a17537d15fc7", "4818abd9-6bbe-47c9-ab37-e0eab3e5e99c" ] } ], "G+gX+j4AbiCorxKiF1UojA==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "06cdb01a-ba5e-4eee-8903-f568c896f996", "repository_ids": [ "4edff5e1-1bcf-4f7f-8a1c-cec47bd50e41", "43792c6b-6709-4491-a006-91b78e712b1e" ] } ], "GLKhGblbPbPbtDKwfpCv5A==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "06cdb01a-ba5e-4eee-8903-f568c896f996", "repository_ids": [ "4edff5e1-1bcf-4f7f-8a1c-cec47bd50e41", "43792c6b-6709-4491-a006-91b78e712b1e" ] } ], "Gg1Q6hponuT1eSJHwaJ83w==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "06cdb01a-ba5e-4eee-8903-f568c896f996", "repository_ids": [ "4edff5e1-1bcf-4f7f-8a1c-cec47bd50e41", "43792c6b-6709-4491-a006-91b78e712b1e" ] } ], "HMIoZ/TKrKhxI1rD26qmpw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "06cdb01a-ba5e-4eee-8903-f568c896f996", "repository_ids": [ "4edff5e1-1bcf-4f7f-8a1c-cec47bd50e41", "43792c6b-6709-4491-a006-91b78e712b1e" ] } ], "IzLcxZDtcvtJR5Gwdq9HDg==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "06cdb01a-ba5e-4eee-8903-f568c896f996", "repository_ids": [ "4edff5e1-1bcf-4f7f-8a1c-cec47bd50e41", "43792c6b-6709-4491-a006-91b78e712b1e" ] } ], "J34PJ2GThOWZuKVgFIoieA==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "06cdb01a-ba5e-4eee-8903-f568c896f996", "repository_ids": [ "4edff5e1-1bcf-4f7f-8a1c-cec47bd50e41", "43792c6b-6709-4491-a006-91b78e712b1e" ] } ], "JNDNKhJbFTSevs7EALfE9A==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "06cdb01a-ba5e-4eee-8903-f568c896f996", "repository_ids": [ "4edff5e1-1bcf-4f7f-8a1c-cec47bd50e41", "43792c6b-6709-4491-a006-91b78e712b1e" ] } ], "KYSXsdsObSOPb3/iOOdbDw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:8dbc54dd3ba8deb60962e0faf1bcd1d23c09867cffbce92e091a1094578f09fc", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:8dbc54dd3ba8deb60962e0faf1bcd1d23c09867cffbce92e091a1094578f09fc", "distribution_id": "06cdb01a-ba5e-4eee-8903-f568c896f996", "repository_ids": [ "a2fb4033-7cf8-400f-8560-a17537d15fc7", "4818abd9-6bbe-47c9-ab37-e0eab3e5e99c" ] } ], "LXiVkIlXLq/usMYIwCTH8Q==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "06cdb01a-ba5e-4eee-8903-f568c896f996", "repository_ids": [ "4edff5e1-1bcf-4f7f-8a1c-cec47bd50e41", "43792c6b-6709-4491-a006-91b78e712b1e" ] } ], "LkoLKEri5dIAb0vFMkSOag==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "06cdb01a-ba5e-4eee-8903-f568c896f996", "repository_ids": [ "4edff5e1-1bcf-4f7f-8a1c-cec47bd50e41", "43792c6b-6709-4491-a006-91b78e712b1e" ] } ], "MA5xnJmwv4AJZhc2768UiA==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "06cdb01a-ba5e-4eee-8903-f568c896f996", "repository_ids": [ "4edff5e1-1bcf-4f7f-8a1c-cec47bd50e41", "43792c6b-6709-4491-a006-91b78e712b1e" ] } ], "N1RbIRo2SyHosQefv+skDw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "06cdb01a-ba5e-4eee-8903-f568c896f996", "repository_ids": [ "4edff5e1-1bcf-4f7f-8a1c-cec47bd50e41", "43792c6b-6709-4491-a006-91b78e712b1e" ] } ], "N3ZaMrNJKoumMpaY0smlMQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "06cdb01a-ba5e-4eee-8903-f568c896f996", "repository_ids": [ "4edff5e1-1bcf-4f7f-8a1c-cec47bd50e41", "43792c6b-6709-4491-a006-91b78e712b1e" ] } ], "N5EuVcX6TPHBo7OPtax5uA==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:8dbc54dd3ba8deb60962e0faf1bcd1d23c09867cffbce92e091a1094578f09fc", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:8dbc54dd3ba8deb60962e0faf1bcd1d23c09867cffbce92e091a1094578f09fc", "distribution_id": "06cdb01a-ba5e-4eee-8903-f568c896f996", "repository_ids": [ "a2fb4033-7cf8-400f-8560-a17537d15fc7", "4818abd9-6bbe-47c9-ab37-e0eab3e5e99c" ] } ], "NJbhst8VIOwst++ZzRP6tA==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "06cdb01a-ba5e-4eee-8903-f568c896f996", "repository_ids": [ "4edff5e1-1bcf-4f7f-8a1c-cec47bd50e41", "43792c6b-6709-4491-a006-91b78e712b1e" ] } ], "NguWV8S6YQYvQsGQDJm2Rg==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "06cdb01a-ba5e-4eee-8903-f568c896f996", "repository_ids": [ "4edff5e1-1bcf-4f7f-8a1c-cec47bd50e41", "43792c6b-6709-4491-a006-91b78e712b1e" ] } ], "NsvPyDc//39XTuXcn3j2uQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:8dbc54dd3ba8deb60962e0faf1bcd1d23c09867cffbce92e091a1094578f09fc", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:8dbc54dd3ba8deb60962e0faf1bcd1d23c09867cffbce92e091a1094578f09fc", "distribution_id": "06cdb01a-ba5e-4eee-8903-f568c896f996", "repository_ids": [ "a2fb4033-7cf8-400f-8560-a17537d15fc7", "4818abd9-6bbe-47c9-ab37-e0eab3e5e99c" ] } ], "ORsDK2A5479NPB0r01PoXQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "06cdb01a-ba5e-4eee-8903-f568c896f996", "repository_ids": [ "4edff5e1-1bcf-4f7f-8a1c-cec47bd50e41", "43792c6b-6709-4491-a006-91b78e712b1e" ] } ], "P5Se4zJpr8ZUwZNUojfuzA==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "06cdb01a-ba5e-4eee-8903-f568c896f996", "repository_ids": [ "4edff5e1-1bcf-4f7f-8a1c-cec47bd50e41", "43792c6b-6709-4491-a006-91b78e712b1e" ] } ], "P5UTXxqhA6R98OWY7h85rQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "06cdb01a-ba5e-4eee-8903-f568c896f996", "repository_ids": [ "4edff5e1-1bcf-4f7f-8a1c-cec47bd50e41", "43792c6b-6709-4491-a006-91b78e712b1e" ] } ], "PYGQE1Mr52aqIP4tEB4VSw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:8dbc54dd3ba8deb60962e0faf1bcd1d23c09867cffbce92e091a1094578f09fc", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:8dbc54dd3ba8deb60962e0faf1bcd1d23c09867cffbce92e091a1094578f09fc", "distribution_id": "06cdb01a-ba5e-4eee-8903-f568c896f996", "repository_ids": [ "a2fb4033-7cf8-400f-8560-a17537d15fc7", "4818abd9-6bbe-47c9-ab37-e0eab3e5e99c" ] } ], "Q0uPb/t/3IQ8GEwlv/J3Cw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "06cdb01a-ba5e-4eee-8903-f568c896f996", "repository_ids": [ "4edff5e1-1bcf-4f7f-8a1c-cec47bd50e41", "43792c6b-6709-4491-a006-91b78e712b1e" ] } ], "QC6e3OaV78mjs678tGU2KQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "06cdb01a-ba5e-4eee-8903-f568c896f996", "repository_ids": [ "4edff5e1-1bcf-4f7f-8a1c-cec47bd50e41", "43792c6b-6709-4491-a006-91b78e712b1e" ] } ], "QXEDMSZisv5SUXtJo7Fs5g==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "06cdb01a-ba5e-4eee-8903-f568c896f996", "repository_ids": [ "4edff5e1-1bcf-4f7f-8a1c-cec47bd50e41", "43792c6b-6709-4491-a006-91b78e712b1e" ] } ], "RKXYZTbYgViwzC05uqeDSg==": [ { "package_db": "maven:deployments/hacbs-test.jar", "introduced_in": "sha256:7fd7ba7574102290c12ac54532b00a6ebd3ed12f9e35a17a34035987b0ac5993", "distribution_id": "", "repository_ids": [ "3618dc20-e117-4555-a973-3a8c5f288459" ] } ], "RRWuvyUdhwGbBo2a/Ra1hw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "06cdb01a-ba5e-4eee-8903-f568c896f996", "repository_ids": [ "4edff5e1-1bcf-4f7f-8a1c-cec47bd50e41", "43792c6b-6709-4491-a006-91b78e712b1e" ] } ], "RtrzwDgrQgu9S5B72s2sww==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "06cdb01a-ba5e-4eee-8903-f568c896f996", "repository_ids": [ "4edff5e1-1bcf-4f7f-8a1c-cec47bd50e41", "43792c6b-6709-4491-a006-91b78e712b1e" ] } ], "TARQvmsLVC/S1fQD1jO4Xw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:8dbc54dd3ba8deb60962e0faf1bcd1d23c09867cffbce92e091a1094578f09fc", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:8dbc54dd3ba8deb60962e0faf1bcd1d23c09867cffbce92e091a1094578f09fc", "distribution_id": "06cdb01a-ba5e-4eee-8903-f568c896f996", "repository_ids": [ "a2fb4033-7cf8-400f-8560-a17537d15fc7", "4818abd9-6bbe-47c9-ab37-e0eab3e5e99c" ] } ], "U3ZkYu9FoEzQITrVBlQtLA==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "06cdb01a-ba5e-4eee-8903-f568c896f996", "repository_ids": [ "4edff5e1-1bcf-4f7f-8a1c-cec47bd50e41", "43792c6b-6709-4491-a006-91b78e712b1e" ] } ], "USWNn71p+k059dbiu5HDEA==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "06cdb01a-ba5e-4eee-8903-f568c896f996", "repository_ids": [ "4edff5e1-1bcf-4f7f-8a1c-cec47bd50e41", "43792c6b-6709-4491-a006-91b78e712b1e" ] } ], "UUZyda9G/ffvF6rJ5W1UnQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "06cdb01a-ba5e-4eee-8903-f568c896f996", "repository_ids": [ "4edff5e1-1bcf-4f7f-8a1c-cec47bd50e41", "43792c6b-6709-4491-a006-91b78e712b1e" ] } ], "Vax934M9zGbzjdT3Y/XU9w==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "06cdb01a-ba5e-4eee-8903-f568c896f996", "repository_ids": [ "4edff5e1-1bcf-4f7f-8a1c-cec47bd50e41", "43792c6b-6709-4491-a006-91b78e712b1e" ] } ], "VrCmPwuY69qW5jl9ctxOZg==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:8dbc54dd3ba8deb60962e0faf1bcd1d23c09867cffbce92e091a1094578f09fc", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:8dbc54dd3ba8deb60962e0faf1bcd1d23c09867cffbce92e091a1094578f09fc", "distribution_id": "06cdb01a-ba5e-4eee-8903-f568c896f996", "repository_ids": [ "a2fb4033-7cf8-400f-8560-a17537d15fc7", "4818abd9-6bbe-47c9-ab37-e0eab3e5e99c" ] } ], "W66WOQ3v6r7mSn6+o7gaew==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "06cdb01a-ba5e-4eee-8903-f568c896f996", "repository_ids": [ "4edff5e1-1bcf-4f7f-8a1c-cec47bd50e41", "43792c6b-6709-4491-a006-91b78e712b1e" ] } ], "YjDcGmvP0/z8VqRiUvkhOQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "06cdb01a-ba5e-4eee-8903-f568c896f996", "repository_ids": [ "4edff5e1-1bcf-4f7f-8a1c-cec47bd50e41", "43792c6b-6709-4491-a006-91b78e712b1e" ] } ], "Za0y7YiKRidyIBZNIzq/Ng==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "06cdb01a-ba5e-4eee-8903-f568c896f996", "repository_ids": [ "4edff5e1-1bcf-4f7f-8a1c-cec47bd50e41", "43792c6b-6709-4491-a006-91b78e712b1e" ] } ], "ar0do80Wlk1FaVvtx66g6Q==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "06cdb01a-ba5e-4eee-8903-f568c896f996", "repository_ids": [ "4edff5e1-1bcf-4f7f-8a1c-cec47bd50e41", "43792c6b-6709-4491-a006-91b78e712b1e" ] } ], "auI8KtI6OozP7EAIr9UlQQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "06cdb01a-ba5e-4eee-8903-f568c896f996", "repository_ids": [ "4edff5e1-1bcf-4f7f-8a1c-cec47bd50e41", "43792c6b-6709-4491-a006-91b78e712b1e" ] } ], "bWUdPEYmtshwdmuX5VapfQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "06cdb01a-ba5e-4eee-8903-f568c896f996", "repository_ids": [ "4edff5e1-1bcf-4f7f-8a1c-cec47bd50e41", "43792c6b-6709-4491-a006-91b78e712b1e" ] } ], "bmxL3lydQy0yU8g1iBgovg==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "06cdb01a-ba5e-4eee-8903-f568c896f996", "repository_ids": [ "4edff5e1-1bcf-4f7f-8a1c-cec47bd50e41", "43792c6b-6709-4491-a006-91b78e712b1e" ] } ], "cXCMP7NdkMDf1+Rb1IEktQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:8dbc54dd3ba8deb60962e0faf1bcd1d23c09867cffbce92e091a1094578f09fc", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:8dbc54dd3ba8deb60962e0faf1bcd1d23c09867cffbce92e091a1094578f09fc", "distribution_id": "06cdb01a-ba5e-4eee-8903-f568c896f996", "repository_ids": [ "a2fb4033-7cf8-400f-8560-a17537d15fc7", "4818abd9-6bbe-47c9-ab37-e0eab3e5e99c" ] } ], "dOBT1Qffq44NOVuk9chDyg==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "06cdb01a-ba5e-4eee-8903-f568c896f996", "repository_ids": [ "4edff5e1-1bcf-4f7f-8a1c-cec47bd50e41", "43792c6b-6709-4491-a006-91b78e712b1e" ] } ], "dOwQwVL1NxmF6ouACZklrQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "06cdb01a-ba5e-4eee-8903-f568c896f996", "repository_ids": [ "4edff5e1-1bcf-4f7f-8a1c-cec47bd50e41", "43792c6b-6709-4491-a006-91b78e712b1e" ] } ], "dSjxsaDISLUiFwRTCSO8Tg==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "06cdb01a-ba5e-4eee-8903-f568c896f996", "repository_ids": [ "4edff5e1-1bcf-4f7f-8a1c-cec47bd50e41", "43792c6b-6709-4491-a006-91b78e712b1e" ] } ], "dtGaxafuhIU1Ppty914fJw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:8dbc54dd3ba8deb60962e0faf1bcd1d23c09867cffbce92e091a1094578f09fc", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:8dbc54dd3ba8deb60962e0faf1bcd1d23c09867cffbce92e091a1094578f09fc", "distribution_id": "06cdb01a-ba5e-4eee-8903-f568c896f996", "repository_ids": [ "a2fb4033-7cf8-400f-8560-a17537d15fc7", "4818abd9-6bbe-47c9-ab37-e0eab3e5e99c" ] } ], "eZ7CwFvwDCQu4vzKyuIZgA==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "06cdb01a-ba5e-4eee-8903-f568c896f996", "repository_ids": [ "4edff5e1-1bcf-4f7f-8a1c-cec47bd50e41", "43792c6b-6709-4491-a006-91b78e712b1e" ] } ], "f/Al/eNlUhjEgKSV0J2z7w==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:8dbc54dd3ba8deb60962e0faf1bcd1d23c09867cffbce92e091a1094578f09fc", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:8dbc54dd3ba8deb60962e0faf1bcd1d23c09867cffbce92e091a1094578f09fc", "distribution_id": "06cdb01a-ba5e-4eee-8903-f568c896f996", "repository_ids": [ "a2fb4033-7cf8-400f-8560-a17537d15fc7", "4818abd9-6bbe-47c9-ab37-e0eab3e5e99c" ] } ], "f1lteJj1IxLDbDb+BI8yjg==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "06cdb01a-ba5e-4eee-8903-f568c896f996", "repository_ids": [ "4edff5e1-1bcf-4f7f-8a1c-cec47bd50e41", "43792c6b-6709-4491-a006-91b78e712b1e" ] } ], "g146nKetkX1f4hfH1b5RWA==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "06cdb01a-ba5e-4eee-8903-f568c896f996", "repository_ids": [ "4edff5e1-1bcf-4f7f-8a1c-cec47bd50e41", "43792c6b-6709-4491-a006-91b78e712b1e" ] } ], "gMqsUnRclTj6iuxHCslNRA==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "06cdb01a-ba5e-4eee-8903-f568c896f996", "repository_ids": [ "4edff5e1-1bcf-4f7f-8a1c-cec47bd50e41", "43792c6b-6709-4491-a006-91b78e712b1e" ] } ], "gOaN4treTmKK7tU+N6AZ1w==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "06cdb01a-ba5e-4eee-8903-f568c896f996", "repository_ids": [ "4edff5e1-1bcf-4f7f-8a1c-cec47bd50e41", "43792c6b-6709-4491-a006-91b78e712b1e" ] } ], "gtbMsmX05ZWh+bkM1Wprlw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "06cdb01a-ba5e-4eee-8903-f568c896f996", "repository_ids": [ "4edff5e1-1bcf-4f7f-8a1c-cec47bd50e41", "43792c6b-6709-4491-a006-91b78e712b1e" ] } ], "h53SWWmMQUh4cLyBmYeNvw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:8dbc54dd3ba8deb60962e0faf1bcd1d23c09867cffbce92e091a1094578f09fc", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:8dbc54dd3ba8deb60962e0faf1bcd1d23c09867cffbce92e091a1094578f09fc", "distribution_id": "06cdb01a-ba5e-4eee-8903-f568c896f996", "repository_ids": [ "a2fb4033-7cf8-400f-8560-a17537d15fc7", "4818abd9-6bbe-47c9-ab37-e0eab3e5e99c" ] } ], "hSTTMcRX1DBcXc+8jKeg3Q==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "06cdb01a-ba5e-4eee-8903-f568c896f996", "repository_ids": [ "4edff5e1-1bcf-4f7f-8a1c-cec47bd50e41", "43792c6b-6709-4491-a006-91b78e712b1e" ] } ], "hcJqCsCpWm+XI9JT6ImS5g==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "06cdb01a-ba5e-4eee-8903-f568c896f996", "repository_ids": [ "4edff5e1-1bcf-4f7f-8a1c-cec47bd50e41", "43792c6b-6709-4491-a006-91b78e712b1e" ] } ], "iKjky3d+XDnwdlXfvLvp/A==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:8dbc54dd3ba8deb60962e0faf1bcd1d23c09867cffbce92e091a1094578f09fc", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:8dbc54dd3ba8deb60962e0faf1bcd1d23c09867cffbce92e091a1094578f09fc", "distribution_id": "06cdb01a-ba5e-4eee-8903-f568c896f996", "repository_ids": [ "a2fb4033-7cf8-400f-8560-a17537d15fc7", "4818abd9-6bbe-47c9-ab37-e0eab3e5e99c" ] } ], "isPl2YxnCTfcLmUYH6Q0sA==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "06cdb01a-ba5e-4eee-8903-f568c896f996", "repository_ids": [ "4edff5e1-1bcf-4f7f-8a1c-cec47bd50e41", "43792c6b-6709-4491-a006-91b78e712b1e" ] } ], "j5YRt82iOHry4ndSyCLgaA==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:8dbc54dd3ba8deb60962e0faf1bcd1d23c09867cffbce92e091a1094578f09fc", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:8dbc54dd3ba8deb60962e0faf1bcd1d23c09867cffbce92e091a1094578f09fc", "distribution_id": "06cdb01a-ba5e-4eee-8903-f568c896f996", "repository_ids": [ "a2fb4033-7cf8-400f-8560-a17537d15fc7", "4818abd9-6bbe-47c9-ab37-e0eab3e5e99c" ] } ], "jmNxyfDM4IV/F4mrfNTfyg==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "06cdb01a-ba5e-4eee-8903-f568c896f996", "repository_ids": [ "4edff5e1-1bcf-4f7f-8a1c-cec47bd50e41", "43792c6b-6709-4491-a006-91b78e712b1e" ] } ], "jtdCxL/eH5JTPcKstKunJg==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "06cdb01a-ba5e-4eee-8903-f568c896f996", "repository_ids": [ "4edff5e1-1bcf-4f7f-8a1c-cec47bd50e41", "43792c6b-6709-4491-a006-91b78e712b1e" ] } ], "k/BpvWmZ5EVfmiPqpZ3pGw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:8dbc54dd3ba8deb60962e0faf1bcd1d23c09867cffbce92e091a1094578f09fc", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:8dbc54dd3ba8deb60962e0faf1bcd1d23c09867cffbce92e091a1094578f09fc", "distribution_id": "06cdb01a-ba5e-4eee-8903-f568c896f996", "repository_ids": [ "a2fb4033-7cf8-400f-8560-a17537d15fc7", "4818abd9-6bbe-47c9-ab37-e0eab3e5e99c" ] } ], "k4gCNgIfg7MM/e42ThRx2w==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "06cdb01a-ba5e-4eee-8903-f568c896f996", "repository_ids": [ "4edff5e1-1bcf-4f7f-8a1c-cec47bd50e41", "43792c6b-6709-4491-a006-91b78e712b1e" ] } ], "kup9SZcgg13wnbXIW3GyJA==": [ { "package_db": "root/buildinfo/Dockerfile-ubi8-openjdk-17-runtime-1.23-4.1777859697", "introduced_in": "sha256:8dbc54dd3ba8deb60962e0faf1bcd1d23c09867cffbce92e091a1094578f09fc", "distribution_id": "", "repository_ids": [ "cdb91037-e783-4b33-aa62-4670d4cf06b4", "cdb91037-e783-4b33-aa62-4670d4cf06b4" ] } ], "kwc9NYOQig+qWs5qmBRL/w==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "06cdb01a-ba5e-4eee-8903-f568c896f996", "repository_ids": [ "4edff5e1-1bcf-4f7f-8a1c-cec47bd50e41", "43792c6b-6709-4491-a006-91b78e712b1e" ] } ], "lEFbOzBTlWwCqC/ZbjJfgQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:8dbc54dd3ba8deb60962e0faf1bcd1d23c09867cffbce92e091a1094578f09fc", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:8dbc54dd3ba8deb60962e0faf1bcd1d23c09867cffbce92e091a1094578f09fc", "distribution_id": "06cdb01a-ba5e-4eee-8903-f568c896f996", "repository_ids": [ "a2fb4033-7cf8-400f-8560-a17537d15fc7", "4818abd9-6bbe-47c9-ab37-e0eab3e5e99c" ] } ], "lU0MYRg2dg5wynl2dMGsgA==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "06cdb01a-ba5e-4eee-8903-f568c896f996", "repository_ids": [ "4edff5e1-1bcf-4f7f-8a1c-cec47bd50e41", "43792c6b-6709-4491-a006-91b78e712b1e" ] } ], "mAmp7BtGrfzV0HnAKw9sTw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "06cdb01a-ba5e-4eee-8903-f568c896f996", "repository_ids": [ "4edff5e1-1bcf-4f7f-8a1c-cec47bd50e41", "43792c6b-6709-4491-a006-91b78e712b1e" ] } ], "mLwCNKs2wEtLWAiibtR4BQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "06cdb01a-ba5e-4eee-8903-f568c896f996", "repository_ids": [ "4edff5e1-1bcf-4f7f-8a1c-cec47bd50e41", "43792c6b-6709-4491-a006-91b78e712b1e" ] } ], "mkpeQMTn6iNiF+ShBe+oZg==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "06cdb01a-ba5e-4eee-8903-f568c896f996", "repository_ids": [ "4edff5e1-1bcf-4f7f-8a1c-cec47bd50e41", "43792c6b-6709-4491-a006-91b78e712b1e" ] } ], "mtrWxjnWyzrIFOuHVeUG6g==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:8dbc54dd3ba8deb60962e0faf1bcd1d23c09867cffbce92e091a1094578f09fc", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:8dbc54dd3ba8deb60962e0faf1bcd1d23c09867cffbce92e091a1094578f09fc", "distribution_id": "06cdb01a-ba5e-4eee-8903-f568c896f996", "repository_ids": [ "a2fb4033-7cf8-400f-8560-a17537d15fc7", "4818abd9-6bbe-47c9-ab37-e0eab3e5e99c" ] } ], "nDtLoMnkuhspYDn7NZEcjw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:8dbc54dd3ba8deb60962e0faf1bcd1d23c09867cffbce92e091a1094578f09fc", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:8dbc54dd3ba8deb60962e0faf1bcd1d23c09867cffbce92e091a1094578f09fc", "distribution_id": "06cdb01a-ba5e-4eee-8903-f568c896f996", "repository_ids": [ "a2fb4033-7cf8-400f-8560-a17537d15fc7", "4818abd9-6bbe-47c9-ab37-e0eab3e5e99c" ] } ], "o4v1nyEgxKUJdf78CSzLEg==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "06cdb01a-ba5e-4eee-8903-f568c896f996", "repository_ids": [ "4edff5e1-1bcf-4f7f-8a1c-cec47bd50e41", "43792c6b-6709-4491-a006-91b78e712b1e" ] } ], "oPxhGBL0xk+N4XwwxvflAQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "06cdb01a-ba5e-4eee-8903-f568c896f996", "repository_ids": [ "4edff5e1-1bcf-4f7f-8a1c-cec47bd50e41", "43792c6b-6709-4491-a006-91b78e712b1e" ] } ], "oSDtB9GflLljTYeOAikyIQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "06cdb01a-ba5e-4eee-8903-f568c896f996", "repository_ids": [ "4edff5e1-1bcf-4f7f-8a1c-cec47bd50e41", "43792c6b-6709-4491-a006-91b78e712b1e" ] } ], "oUYls//IDfQ4QSLGKlUoZg==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "06cdb01a-ba5e-4eee-8903-f568c896f996", "repository_ids": [ "4edff5e1-1bcf-4f7f-8a1c-cec47bd50e41", "43792c6b-6709-4491-a006-91b78e712b1e" ] } ], "p9tXHgTBVU/b3sTnwfubzg==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "06cdb01a-ba5e-4eee-8903-f568c896f996", "repository_ids": [ "4edff5e1-1bcf-4f7f-8a1c-cec47bd50e41", "43792c6b-6709-4491-a006-91b78e712b1e" ] } ], "pY2NT/GP1UxyOuAl2rKgCw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "06cdb01a-ba5e-4eee-8903-f568c896f996", "repository_ids": [ "4edff5e1-1bcf-4f7f-8a1c-cec47bd50e41", "43792c6b-6709-4491-a006-91b78e712b1e" ] } ], "peUaHHW4E9Y6Nd8+gJR5cQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "06cdb01a-ba5e-4eee-8903-f568c896f996", "repository_ids": [ "4edff5e1-1bcf-4f7f-8a1c-cec47bd50e41", "43792c6b-6709-4491-a006-91b78e712b1e" ] } ], "pp9zZ0tBoevZ/s15eFRL8g==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "06cdb01a-ba5e-4eee-8903-f568c896f996", "repository_ids": [ "4edff5e1-1bcf-4f7f-8a1c-cec47bd50e41", "43792c6b-6709-4491-a006-91b78e712b1e" ] } ], "q4X/5GGPJSNoqWY61ewdVA==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:8dbc54dd3ba8deb60962e0faf1bcd1d23c09867cffbce92e091a1094578f09fc", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:8dbc54dd3ba8deb60962e0faf1bcd1d23c09867cffbce92e091a1094578f09fc", "distribution_id": "06cdb01a-ba5e-4eee-8903-f568c896f996", "repository_ids": [ "a2fb4033-7cf8-400f-8560-a17537d15fc7", "4818abd9-6bbe-47c9-ab37-e0eab3e5e99c" ] } ], "qdszmGofYYLyezIthPq1jw==": [ { "package_db": "root/buildinfo/Dockerfile-ubi8-openjdk-17-runtime-1.23-4.1777859697", "introduced_in": "sha256:8dbc54dd3ba8deb60962e0faf1bcd1d23c09867cffbce92e091a1094578f09fc", "distribution_id": "", "repository_ids": [ "cdb91037-e783-4b33-aa62-4670d4cf06b4", "cdb91037-e783-4b33-aa62-4670d4cf06b4" ] } ], "r23nOnTJvuvXzj0P21ldlw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "06cdb01a-ba5e-4eee-8903-f568c896f996", "repository_ids": [ "4edff5e1-1bcf-4f7f-8a1c-cec47bd50e41", "43792c6b-6709-4491-a006-91b78e712b1e" ] } ], "rFsA2fU/SFo3JGOkxRURTQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "06cdb01a-ba5e-4eee-8903-f568c896f996", "repository_ids": [ "4edff5e1-1bcf-4f7f-8a1c-cec47bd50e41", "43792c6b-6709-4491-a006-91b78e712b1e" ] } ], "sMrsZHOrW8FfprPHZo6Jww==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "06cdb01a-ba5e-4eee-8903-f568c896f996", "repository_ids": [ "4edff5e1-1bcf-4f7f-8a1c-cec47bd50e41", "43792c6b-6709-4491-a006-91b78e712b1e" ] } ], "sUhkiUesE2DHTU1IF7t+tw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:8dbc54dd3ba8deb60962e0faf1bcd1d23c09867cffbce92e091a1094578f09fc", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:8dbc54dd3ba8deb60962e0faf1bcd1d23c09867cffbce92e091a1094578f09fc", "distribution_id": "06cdb01a-ba5e-4eee-8903-f568c896f996", "repository_ids": [ "a2fb4033-7cf8-400f-8560-a17537d15fc7", "4818abd9-6bbe-47c9-ab37-e0eab3e5e99c" ] } ], "trIX86+UkjuJsaeYfHvnYw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "06cdb01a-ba5e-4eee-8903-f568c896f996", "repository_ids": [ "4edff5e1-1bcf-4f7f-8a1c-cec47bd50e41", "43792c6b-6709-4491-a006-91b78e712b1e" ] } ], "u25cfo+Wn6RpzVY/kgcoGQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:8dbc54dd3ba8deb60962e0faf1bcd1d23c09867cffbce92e091a1094578f09fc", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:8dbc54dd3ba8deb60962e0faf1bcd1d23c09867cffbce92e091a1094578f09fc", "distribution_id": "06cdb01a-ba5e-4eee-8903-f568c896f996", "repository_ids": [ "a2fb4033-7cf8-400f-8560-a17537d15fc7", "4818abd9-6bbe-47c9-ab37-e0eab3e5e99c" ] } ], "uAJuv5cA4XPhcDfjrdFI9w==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:8dbc54dd3ba8deb60962e0faf1bcd1d23c09867cffbce92e091a1094578f09fc", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:8dbc54dd3ba8deb60962e0faf1bcd1d23c09867cffbce92e091a1094578f09fc", "distribution_id": "06cdb01a-ba5e-4eee-8903-f568c896f996", "repository_ids": [ "a2fb4033-7cf8-400f-8560-a17537d15fc7", "4818abd9-6bbe-47c9-ab37-e0eab3e5e99c" ] } ], "uCw7c1p0VzVV36rFL2/j4Q==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "06cdb01a-ba5e-4eee-8903-f568c896f996", "repository_ids": [ "4edff5e1-1bcf-4f7f-8a1c-cec47bd50e41", "43792c6b-6709-4491-a006-91b78e712b1e" ] } ], "v/KoDsdxOHqLHd7du8yyWQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "06cdb01a-ba5e-4eee-8903-f568c896f996", "repository_ids": [ "4edff5e1-1bcf-4f7f-8a1c-cec47bd50e41", "43792c6b-6709-4491-a006-91b78e712b1e" ] } ], "wQNSAAyfpn1pixah4j5PmA==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:8dbc54dd3ba8deb60962e0faf1bcd1d23c09867cffbce92e091a1094578f09fc", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:8dbc54dd3ba8deb60962e0faf1bcd1d23c09867cffbce92e091a1094578f09fc", "distribution_id": "06cdb01a-ba5e-4eee-8903-f568c896f996", "repository_ids": [ "a2fb4033-7cf8-400f-8560-a17537d15fc7", "4818abd9-6bbe-47c9-ab37-e0eab3e5e99c" ] } ], "wQToP4WURQ4/A8LQU1k5kA==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "06cdb01a-ba5e-4eee-8903-f568c896f996", "repository_ids": [ "4edff5e1-1bcf-4f7f-8a1c-cec47bd50e41", "43792c6b-6709-4491-a006-91b78e712b1e" ] } ], "wiX2z3C4urSDsP+bIajgNg==": [ { "package_db": "maven:deployments/hacbs-test.jar", "introduced_in": "sha256:7fd7ba7574102290c12ac54532b00a6ebd3ed12f9e35a17a34035987b0ac5993", "distribution_id": "", "repository_ids": [ "3618dc20-e117-4555-a973-3a8c5f288459" ] } ], "wpJmhjYJz5TYuh0mbRPs4Q==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "06cdb01a-ba5e-4eee-8903-f568c896f996", "repository_ids": [ "4edff5e1-1bcf-4f7f-8a1c-cec47bd50e41", "43792c6b-6709-4491-a006-91b78e712b1e" ] } ], "xDLbw0lNdZ2pSj9R8k9t6A==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:8dbc54dd3ba8deb60962e0faf1bcd1d23c09867cffbce92e091a1094578f09fc", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:8dbc54dd3ba8deb60962e0faf1bcd1d23c09867cffbce92e091a1094578f09fc", "distribution_id": "06cdb01a-ba5e-4eee-8903-f568c896f996", "repository_ids": [ "a2fb4033-7cf8-400f-8560-a17537d15fc7", "4818abd9-6bbe-47c9-ab37-e0eab3e5e99c" ] } ], "xTF9l16G3x26txeCsO9Bug==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "06cdb01a-ba5e-4eee-8903-f568c896f996", "repository_ids": [ "4edff5e1-1bcf-4f7f-8a1c-cec47bd50e41", "43792c6b-6709-4491-a006-91b78e712b1e" ] } ], "xY/gcEds28iVWCynxOCw9g==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "06cdb01a-ba5e-4eee-8903-f568c896f996", "repository_ids": [ "4edff5e1-1bcf-4f7f-8a1c-cec47bd50e41", "43792c6b-6709-4491-a006-91b78e712b1e" ] } ], "xvIYCTeML23osZxD1kFItQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:8dbc54dd3ba8deb60962e0faf1bcd1d23c09867cffbce92e091a1094578f09fc", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:8dbc54dd3ba8deb60962e0faf1bcd1d23c09867cffbce92e091a1094578f09fc", "distribution_id": "06cdb01a-ba5e-4eee-8903-f568c896f996", "repository_ids": [ "a2fb4033-7cf8-400f-8560-a17537d15fc7", "4818abd9-6bbe-47c9-ab37-e0eab3e5e99c" ] } ], "zAReYdYoHUkp8wr8i3SW2g==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "06cdb01a-ba5e-4eee-8903-f568c896f996", "repository_ids": [ "4edff5e1-1bcf-4f7f-8a1c-cec47bd50e41", "43792c6b-6709-4491-a006-91b78e712b1e" ] } ], "zdqdBY2jg/Zs374g8Ylc6g==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:8dbc54dd3ba8deb60962e0faf1bcd1d23c09867cffbce92e091a1094578f09fc", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:8dbc54dd3ba8deb60962e0faf1bcd1d23c09867cffbce92e091a1094578f09fc", "distribution_id": "06cdb01a-ba5e-4eee-8903-f568c896f996", "repository_ids": [ "a2fb4033-7cf8-400f-8560-a17537d15fc7", "4818abd9-6bbe-47c9-ab37-e0eab3e5e99c" ] } ] }, "vulnerabilities": { "+nHq7dak7Hkjcru/xpwzhQ==": { "id": "+nHq7dak7Hkjcru/xpwzhQ==", "updater": "rhel-vex", "name": "CVE-2020-12413", "description": "A flaw was found in Mozilla nss. A raccoon attack exploits a flaw in the TLS specification which can lead to an attacker being able to compute the pre-master secret in connections which have used a Diffie-Hellman(DH) based ciphersuite. In such a case this would result in the attacker being able to eavesdrop on all encrypted communications sent over that TLS connection. The highest threat from this vulnerability is to data confidentiality.", "issued": "2020-09-09T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2020-12413 https://bugzilla.redhat.com/show_bug.cgi?id=1877557 https://www.cve.org/CVERecord?id=CVE-2020-12413 https://nvd.nist.gov/vuln/detail/CVE-2020-12413 https://raccoon-attack.com/RacoonAttack.pdf https://security.access.redhat.com/data/csaf/v2/vex/2020/cve-2020-12413.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "nss", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "/1CYFiexnJcM7p4YrI/FVg==": { "id": "/1CYFiexnJcM7p4YrI/FVg==", "updater": "rhel-vex", "name": "CVE-2023-4504", "description": "A vulnerability was found in CUPS and libppd, where a failure to validate the length provided in an attacker-crafted PPD PostScript document can lead to a heap-based buffer overflow, causing a denial of service or, in some cases, execute arbitrary code, depending on how the application processes untrusted PPD files.", "issued": "2023-09-20T12:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4504 https://bugzilla.redhat.com/show_bug.cgi?id=2238509 https://www.cve.org/CVERecord?id=CVE-2023-4504 https://nvd.nist.gov/vuln/detail/CVE-2023-4504 https://takeonme.org/cves/CVE-2023-4504.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4504.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "cups", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "0QzoXQSqkKieJ7Oc+px0JA==": { "id": "0QzoXQSqkKieJ7Oc+px0JA==", "updater": "rhel-vex", "name": "CVE-2025-13837", "description": "A flaw was found in the plistlib module in the Python standard library. The amount of data to read from a Plist file is specified in the file itself. This issue allows a specially crafted Plist file to cause an application to allocate a large amount of memory, potentially resulting in allocations errors, swapping, out-of-memory conditions or even system freezes.", "issued": "2025-12-01T18:13:32Z", "links": "https://access.redhat.com/security/cve/CVE-2025-13837 https://bugzilla.redhat.com/show_bug.cgi?id=2418084 https://www.cve.org/CVERecord?id=CVE-2025-13837 https://nvd.nist.gov/vuln/detail/CVE-2025-13837 https://github.com/python/cpython/issues/119342 https://github.com/python/cpython/pull/119343 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-13837.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "python3", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "0WTD6ZUY2Zj2w0R3oyPWRw==": { "id": "0WTD6ZUY2Zj2w0R3oyPWRw==", "updater": "rhel-vex", "name": "CVE-2026-34980", "description": "A flaw was found in OpenPrinting CUPS. An unauthorized client can exploit this vulnerability by sending a specially crafted print job to a shared PostScript queue without authentication. The server improperly handles the `page-border` value, allowing an attacker to embed and reparse malicious text as a trusted scheduler control record. This can lead to arbitrary code execution with the privileges of the 'lp' user, potentially compromising the affected system.", "issued": "2026-04-03T21:18:09Z", "links": "https://access.redhat.com/security/cve/CVE-2026-34980 https://bugzilla.redhat.com/show_bug.cgi?id=2454954 https://www.cve.org/CVERecord?id=CVE-2026-34980 https://nvd.nist.gov/vuln/detail/CVE-2026-34980 https://github.com/OpenPrinting/cups/security/advisories/GHSA-4852-v58g-6cwf https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-34980.json", "severity": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "cups", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "0fCtWwB6iclgRvIA+IqiJQ==": { "id": "0fCtWwB6iclgRvIA+IqiJQ==", "updater": "rhel-vex", "name": "CVE-2026-1484", "description": "A flaw was found in the GLib Base64 encoding routine when processing very large input data. Due to incorrect use of integer types during length calculation, the library may miscalculate buffer boundaries. This can cause memory writes outside the allocated buffer. Applications that process untrusted or extremely large Base64 input using GLib may crash or behave unpredictably.", "issued": "2026-01-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-1484 https://bugzilla.redhat.com/show_bug.cgi?id=2433259 https://www.cve.org/CVERecord?id=CVE-2026-1484 https://nvd.nist.gov/vuln/detail/CVE-2026-1484 https://gitlab.gnome.org/GNOME/glib/-/issues/3870 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-1484.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "glib2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "0nQ3GJDLY22M176Z5ESg6A==": { "id": "0nQ3GJDLY22M176Z5ESg6A==", "updater": "rhel-vex", "name": "CVE-2025-68972", "description": "A flaw was found in GnuPG. An adversary can exploit this vulnerability by crafting a signed message that includes a form feed character (\\f) at the end of a plaintext line. This allows the adversary to append additional, unsigned text to the message while the signature verification still reports success. This issue leads to an integrity bypass, potentially enabling the spoofing of signed communications.", "issued": "2025-12-27T22:52:30Z", "links": "https://access.redhat.com/security/cve/CVE-2025-68972 https://bugzilla.redhat.com/show_bug.cgi?id=2425646 https://www.cve.org/CVERecord?id=CVE-2025-68972 https://nvd.nist.gov/vuln/detail/CVE-2025-68972 https://gpg.fail/formfeed https://news.ycombinator.com/item?id=46404339 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-68972.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "gnupg2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "0v/g0Z/XEXV13r48i52JgA==": { "id": "0v/g0Z/XEXV13r48i52JgA==", "updater": "rhel-vex", "name": "CVE-2026-6276", "description": "A flaw was found in libcurl. This vulnerability allows for information disclosure when a custom `Host:` header is used in an initial HTTP request, and a subsequent request reuses the same connection without specifying a new `Host:` header. This can lead to libcurl incorrectly sending cookies intended for the first host to the second host, resulting in a cookie leak. This issue is categorized as an Origin Validation Error (CWE-346). Exploitation typically requires specific debugging configurations.", "issued": "2026-04-29T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-6276 https://bugzilla.redhat.com/show_bug.cgi?id=2461203 https://www.cve.org/CVERecord?id=CVE-2026-6276 https://nvd.nist.gov/vuln/detail/CVE-2026-6276 https://curl.se/docs/CVE-2026-6276.html https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-6276.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "curl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "1lUHOMB3ANHGWpqCBv9Ynw==": { "id": "1lUHOMB3ANHGWpqCBv9Ynw==", "updater": "rhel-vex", "name": "CVE-2026-4105", "description": "A flaw was found in systemd. The systemd-machined service contains an Improper Access Control vulnerability due to insufficient validation of the class parameter in the RegisterMachine D-Bus (Desktop Bus) method. A local unprivileged user can exploit this by attempting to register a machine with a specific class value, which may leave behind a usable, attacker-controlled machine object. This allows the attacker to invoke methods on the privileged object, leading to the execution of arbitrary commands with root privileges on the host system.", "issued": "2026-03-13T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-4105 https://bugzilla.redhat.com/show_bug.cgi?id=2447262 https://www.cve.org/CVERecord?id=CVE-2026-4105 https://nvd.nist.gov/vuln/detail/CVE-2026-4105 https://github.com/systemd/systemd/security/advisories/GHSA-4h6x-r8vx-3862 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-4105.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "systemd", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "1vG4ZYIu07BTj9XJ+a+P9Q==": { "id": "1vG4ZYIu07BTj9XJ+a+P9Q==", "updater": "rhel-vex", "name": "CVE-2026-27171", "description": "A flaw was found in zlib. An attacker providing specially crafted input to the `crc32_combine64` or `crc32_combine_gen64` functions could trigger an infinite loop within the `x2nmodp` function. This leads to excessive CPU consumption, which can result in a Denial of Service (DoS) for the affected system.", "issued": "2026-02-18T02:36:19Z", "links": "https://access.redhat.com/security/cve/CVE-2026-27171 https://bugzilla.redhat.com/show_bug.cgi?id=2440530 https://www.cve.org/CVERecord?id=CVE-2026-27171 https://nvd.nist.gov/vuln/detail/CVE-2026-27171 https://7asecurity.com/blog/2026/02/zlib-7asecurity-audit/ https://7asecurity.com/reports/pentest-report-zlib-RC1.1.pdf https://github.com/madler/zlib/issues/904 https://github.com/madler/zlib/releases/tag/v1.3.2 https://ostif.org/zlib-audit-complete/ https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-27171.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "java-17-openjdk", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "29qrZyz+fmdn9Nzjpl2/Pg==": { "id": "29qrZyz+fmdn9Nzjpl2/Pg==", "updater": "rhel-vex", "name": "CVE-2026-22693", "description": "A null pointer dereference vector has been discovered in the harfbuzz package. A null pointer dereference vulnerability exists in the SubtableUnicodesCache::create function located in src/hb-ot-cmap-table.hh:1672-1673. The function fails to check if hb_malloc returns NULL before using placement new to construct an object at the returned pointer address. When hb_malloc fails to allocate memory (which can occur in low-memory conditions or when using custom allocators that simulate allocation failures), it returns NULL. The code then attempts to call the constructor on this null pointer using placement new syntax, resulting in undefined behavior and a Segmentation Fault.", "issued": "2026-01-10T05:53:21Z", "links": "https://access.redhat.com/security/cve/CVE-2026-22693 https://bugzilla.redhat.com/show_bug.cgi?id=2428439 https://www.cve.org/CVERecord?id=CVE-2026-22693 https://nvd.nist.gov/vuln/detail/CVE-2026-22693 https://github.com/harfbuzz/harfbuzz/commit/1265ff8d990284f04d8768f35b0e20ae5f60daae https://github.com/harfbuzz/harfbuzz/security/advisories/GHSA-xvjr-f2r9-c7ww https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-22693.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "java-17-openjdk", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "2U6d1qsPVwS8vUnflv9AcQ==": { "id": "2U6d1qsPVwS8vUnflv9AcQ==", "updater": "rhel-vex", "name": "CVE-2026-4873", "description": "A flaw was found in curl. A remote attacker could exploit this by initiating an unencrypted connection (via IMAP, SMTP, or POP3) and then making a subsequent request to the same host that requires Transport Layer Security (TLS). Due to incorrect connection reuse, the subsequent request would bypass the TLS requirement, leading to the transmission of sensitive information in cleartext. This vulnerability, categorized as Cleartext Transmission of Sensitive Information (CWE-319), results in information disclosure.", "issued": "2026-04-29T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-4873 https://bugzilla.redhat.com/show_bug.cgi?id=2461200 https://www.cve.org/CVERecord?id=CVE-2026-4873 https://nvd.nist.gov/vuln/detail/CVE-2026-4873 https://curl.se/docs/CVE-2026-4873.html https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-4873.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "curl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "2U8ppg+02PjFDuM5YqFstQ==": { "id": "2U8ppg+02PjFDuM5YqFstQ==", "updater": "rhel-vex", "name": "CVE-2025-15282", "description": "Missing newline filtering has been discovered in Python. User-controlled data URLs parsed by urllib.request.DataHandler allow injecting headers through newlines in the data URL mediatype.", "issued": "2026-01-20T21:35:13Z", "links": "https://access.redhat.com/security/cve/CVE-2025-15282 https://bugzilla.redhat.com/show_bug.cgi?id=2431366 https://www.cve.org/CVERecord?id=CVE-2025-15282 https://nvd.nist.gov/vuln/detail/CVE-2025-15282 https://github.com/python/cpython/issues/143925 https://github.com/python/cpython/pull/143926 https://mail.python.org/archives/list/security-announce@python.org/thread/X66HL7SISGJT33J53OHXMZT4DFLMHVKF/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-15282.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python3", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "3IgZDz5UYkhu/U1/4kSWKg==": { "id": "3IgZDz5UYkhu/U1/4kSWKg==", "updater": "rhel-vex", "name": "CVE-2021-25317", "description": "It was found that some Linux vendors may assign the ownership of the /var/log/cups directory to the `lp` user. This could allow an attacker with such privileges to create empty files in arbitrary locations, or to force arbitrary files to be opened and closed, using a symlink attack. This has a low impact on the integrity of the system.", "issued": "2021-04-29T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-25317 https://bugzilla.redhat.com/show_bug.cgi?id=1949119 https://www.cve.org/CVERecord?id=CVE-2021-25317 https://nvd.nist.gov/vuln/detail/CVE-2021-25317 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-25317.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "cups", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "3O4IzHXnRQMZXCe1gYATvw==": { "id": "3O4IzHXnRQMZXCe1gYATvw==", "updater": "rhel-vex", "name": "CVE-2026-22185", "description": "A flaw was found in OpenLDAP Lightning Memory-Mapped Database (LMDB) mdb_load. When processing malformed input, a local attacker can exploit a heap buffer underflow vulnerability in the readline() function. This can lead to an out-of-bounds read, potentially causing a denial of service (DoS) and limited disclosure of heap memory contents.", "issued": "2026-01-07T20:26:30Z", "links": "https://access.redhat.com/security/cve/CVE-2026-22185 https://bugzilla.redhat.com/show_bug.cgi?id=2427679 https://www.cve.org/CVERecord?id=CVE-2026-22185 https://nvd.nist.gov/vuln/detail/CVE-2026-22185 https://seclists.org/fulldisclosure/2026/Jan/5 https://seclists.org/fulldisclosure/2026/Jan/8 https://www.openldap.org/ https://www.vulncheck.com/advisories/openldap-lmdb-mdb-load-heap-buffer-underflow-in-readline https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-22185.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "openldap", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "4/mftydHpy90Umw3G0mTuQ==": { "id": "4/mftydHpy90Umw3G0mTuQ==", "updater": "rhel-vex", "name": "CVE-2018-1000879", "description": "libarchive version commit 379867ecb330b3a952fb7bfa7bffb7bbd5547205 onwards (release v3.3.0 onwards) contains a CWE-476: NULL Pointer Dereference vulnerability in ACL parser - libarchive/archive_acl.c, archive_acl_from_text_l() that can result in Crash/DoS. This attack appear to be exploitable via the victim must open a specially crafted archive file.", "issued": "2018-11-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2018-1000879 https://bugzilla.redhat.com/show_bug.cgi?id=1663890 https://www.cve.org/CVERecord?id=CVE-2018-1000879 https://nvd.nist.gov/vuln/detail/CVE-2018-1000879 https://security.access.redhat.com/data/csaf/v2/vex/2018/cve-2018-1000879.json", "severity": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libarchive", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "4JszZEguo/SAFbgp6PdKMQ==": { "id": "4JszZEguo/SAFbgp6PdKMQ==", "updater": "rhel-vex", "name": "CVE-2026-5773", "description": "A flaw was found in libcurl. Due to a logical error in the connection reuse mechanism for SMB (Server Message Block) transfers, libcurl might reuse an existing SMB connection with a different share than intended. This vulnerability, categorized as CWE-488 (Exposure of Data Element to Wrong Session), could lead to the download of an incorrect file or the upload of a file to an unintended location when an application uses libcurl for SMB transfers.", "issued": "2026-04-29T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-5773 https://bugzilla.redhat.com/show_bug.cgi?id=2461201 https://www.cve.org/CVERecord?id=CVE-2026-5773 https://nvd.nist.gov/vuln/detail/CVE-2026-5773 https://curl.se/docs/CVE-2026-5773.html https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-5773.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "curl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "5B1tQ2BK8z/YjRkYcvwqag==": { "id": "5B1tQ2BK8z/YjRkYcvwqag==", "updater": "rhel-vex", "name": "CVE-2019-19244", "description": "A flaw was found in the way SQLite handled certain types of SQL queries using DISTINCT, OVER and ORDER BY clauses. A remote attacker could exploit this flaw by providing a malicious SQL query that, when processed by an application linked to SQLite, would crash the application causing a denial of service.", "issued": "2019-11-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2019-19244 https://bugzilla.redhat.com/show_bug.cgi?id=1777945 https://www.cve.org/CVERecord?id=CVE-2019-19244 https://nvd.nist.gov/vuln/detail/CVE-2019-19244 https://security.access.redhat.com/data/csaf/v2/vex/2019/cve-2019-19244.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "sqlite", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "5ZHvcDYhgzWjwNpRgF2u1w==": { "id": "5ZHvcDYhgzWjwNpRgF2u1w==", "updater": "rhel-vex", "name": "CVE-2025-1795", "description": "A flaw was found in Python. When a separating comma ends up on a folded line during an address list folding of email headers, the comma is unintentionally unicode encoded. The expected behavior is that the separating comma remains unencoded. This can result in the address header being misinterpreted by some mail servers.", "issued": "2025-02-28T18:59:31Z", "links": "https://access.redhat.com/security/cve/CVE-2025-1795 https://bugzilla.redhat.com/show_bug.cgi?id=2349061 https://www.cve.org/CVERecord?id=CVE-2025-1795 https://nvd.nist.gov/vuln/detail/CVE-2025-1795 https://github.com/python/cpython/commit/09fab93c3d857496c0bd162797fab816c311ee48 https://github.com/python/cpython/commit/70754d21c288535e86070ca7a6e90dcb670b8593 https://github.com/python/cpython/commit/9148b77e0af91cdacaa7fe3dfac09635c3fe9a74 https://github.com/python/cpython/issues/100884 https://github.com/python/cpython/pull/100885 https://github.com/python/cpython/pull/119099 https://mail.python.org/archives/list/security-announce@python.org/thread/MB62IZMEC3UM6SGHP5LET5JX2Y7H4ZUR/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-1795.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "python3", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "5e3gC+KDeb36jTLxBYtijg==": { "id": "5e3gC+KDeb36jTLxBYtijg==", "updater": "rhel-vex", "name": "CVE-2026-41990", "description": "A flaw was found in Libgcrypt. During Dilithium signing operations, the library fails to perform a bounds check when writing to a static array. While the data involved is not directly controlled by an attacker, this vulnerability could lead to memory corruption, potentially resulting in a denial of service (DoS) or affecting data integrity.", "issued": "2026-04-23T04:39:04Z", "links": "https://access.redhat.com/security/cve/CVE-2026-41990 https://bugzilla.redhat.com/show_bug.cgi?id=2461068 https://www.cve.org/CVERecord?id=CVE-2026-41990 https://nvd.nist.gov/vuln/detail/CVE-2026-41990 https://dev.gnupg.org/T8208 https://lists.gnupg.org/pipermail/gnupg-announce/2026q2/000503.html https://www.openwall.com/lists/oss-security/2026/04/21/1 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-41990.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libgcrypt", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "619DQiII/+IW12e6tmtrxw==": { "id": "619DQiII/+IW12e6tmtrxw==", "updater": "rhel-vex", "name": "CVE-2026-6732", "description": "A flaw was found in libxml2. This vulnerability occurs when the library processes a specially crafted XML Schema Definition (XSD) validated document that includes an internal entity reference. An attacker could exploit this by providing a malicious document, leading to a type confusion error that causes the application to crash. This results in a denial of service (DoS), making the affected system or application unavailable.", "issued": "2026-04-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-6732 https://bugzilla.redhat.com/show_bug.cgi?id=2461300 https://www.cve.org/CVERecord?id=CVE-2026-6732 https://nvd.nist.gov/vuln/detail/CVE-2026-6732 https://gitlab.gnome.org/GNOME/libxml2/-/issues/1097 https://gitlab.gnome.org/GNOME/libxml2/-/merge_requests/411 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-6732.json", "severity": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libxml2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "673FKazcUiydbfN5c6amaw==": { "id": "673FKazcUiydbfN5c6amaw==", "updater": "rhel-vex", "name": "CVE-2020-19190", "description": "A flaw has been identified in the ncurses library. This issue occurs when processing a crafted terminfo database, causing a heap-based buffer overflow, resulting in an application crash.", "issued": "2019-05-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2020-19190 https://bugzilla.redhat.com/show_bug.cgi?id=2234923 https://www.cve.org/CVERecord?id=CVE-2020-19190 https://nvd.nist.gov/vuln/detail/CVE-2020-19190 https://security.access.redhat.com/data/csaf/v2/vex/2020/cve-2020-19190.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "ncurses", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "6Cqvzp5JbuVfHsuYnIJNFw==": { "id": "6Cqvzp5JbuVfHsuYnIJNFw==", "updater": "rhel-vex", "name": "CVE-2026-4438", "description": "A flaw was found in the GNU C library (glibc). When applications use the `gethostbyaddr` or `gethostbyaddr_r` functions with a `nsswitch.conf` configuration that specifies glibc's DNS backend, the library may return an invalid DNS hostname. This violates the DNS specification and could lead to applications receiving incorrect hostname information, potentially impacting network operations or security decisions.", "issued": "2026-03-20T19:59:06Z", "links": "https://access.redhat.com/security/cve/CVE-2026-4438 https://bugzilla.redhat.com/show_bug.cgi?id=2449783 https://www.cve.org/CVERecord?id=CVE-2026-4438 https://nvd.nist.gov/vuln/detail/CVE-2026-4438 https://sourceware.org/bugzilla/show_bug.cgi?id=34015 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-4438.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "glibc", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "6FQUI3OxX4C5skWXKgq80Q==": { "id": "6FQUI3OxX4C5skWXKgq80Q==", "updater": "rhel-vex", "name": "CVE-2023-0464", "description": "A security vulnerability has been identified in all supported OpenSSL versions related to verifying X.509 certificate chains that include policy constraints. This flaw allows attackers to exploit this vulnerability by creating a malicious certificate chain that triggers exponential use of computational resources, leading to a denial of service (DoS) attack on affected systems. Policy processing is disabled by default but can be enabled by passing the -policy' argument to the command line utilities or calling the X509_VERIFY_PARAM_set1_policies()' function.", "issued": "2023-03-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-0464 https://bugzilla.redhat.com/show_bug.cgi?id=2181082 https://www.cve.org/CVERecord?id=CVE-2023-0464 https://nvd.nist.gov/vuln/detail/CVE-2023-0464 https://www.openssl.org/news/secadv/20230322.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0464.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "6Xr5PbPGSy+aHLDQ9q4L9w==": { "id": "6Xr5PbPGSy+aHLDQ9q4L9w==", "updater": "rhel-vex", "name": "CVE-2026-1502", "description": "A flaw was found in Python. This vulnerability allows for the injection of extra information into HTTP communication. Specifically, the system does not properly prevent special characters (carriage return and line feed) from being included in HTTP client proxy tunnel headers or host fields.", "issued": "2026-04-10T17:54:44Z", "links": "https://access.redhat.com/security/cve/CVE-2026-1502 https://bugzilla.redhat.com/show_bug.cgi?id=2457409 https://www.cve.org/CVERecord?id=CVE-2026-1502 https://nvd.nist.gov/vuln/detail/CVE-2026-1502 https://github.com/python/cpython/commit/05ed7ce7ae9e17c23a04085b2539fe6d6d3cef69 https://github.com/python/cpython/issues/146211 https://github.com/python/cpython/pull/146212 https://mail.python.org/archives/list/security-announce@python.org/thread/2IVPAEQWUJBCTQZEJEVTYCIKSMQPGRZ3/ https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-1502.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python3", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "6p6EeZQEuYkK2CtO4ey3Ag==": { "id": "6p6EeZQEuYkK2CtO4ey3Ag==", "updater": "rhel-vex", "name": "CVE-2025-66293", "description": "An out of bounds read vulnerability has been discovered in libpng. This vulnerability is in libpng's simplified API allows reading up to 1012 bytes beyond the png_sRGB_base[512] array when processing valid palette PNG images with partial transparency and gamma correction. The PNG files that trigger this vulnerability are valid per the PNG specification; the bug is in libpng's internal state management.", "issued": "2025-12-03T20:33:57Z", "links": "https://access.redhat.com/security/cve/CVE-2025-66293 https://bugzilla.redhat.com/show_bug.cgi?id=2418711 https://www.cve.org/CVERecord?id=CVE-2025-66293 https://nvd.nist.gov/vuln/detail/CVE-2025-66293 https://github.com/pnggroup/libpng/commit/788a624d7387a758ffd5c7ab010f1870dea753a1 https://github.com/pnggroup/libpng/commit/a05a48b756de63e3234ea6b3b938b8f5f862484a https://github.com/pnggroup/libpng/issues/764 https://github.com/pnggroup/libpng/security/advisories/GHSA-9mpm-9pxh-mg4f https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-66293.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "java-17-openjdk", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "7Puka2o1jq4jSr2Hekrfhg==": { "id": "7Puka2o1jq4jSr2Hekrfhg==", "updater": "rhel-vex", "name": "CVE-2026-1757", "description": "A flaw was identified in the interactive shell of the xmllint utility, part of the libxml2 project, where memory allocated for user input is not properly released under certain conditions. When a user submits input consisting only of whitespace, the program skips command execution but fails to free the allocated buffer. Repeating this action causes memory to continuously accumulate. Over time, this can exhaust system memory and terminate the xmllint process, creating a denial-of-service condition on the local system.", "issued": "2026-02-02T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-1757 https://bugzilla.redhat.com/show_bug.cgi?id=2435940 https://www.cve.org/CVERecord?id=CVE-2026-1757 https://nvd.nist.gov/vuln/detail/CVE-2026-1757 https://gitlab.gnome.org/GNOME/libxml2/-/issues/1009 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-1757.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libxml2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "7lnphmrb/VojuhlikpNO5w==": { "id": "7lnphmrb/VojuhlikpNO5w==", "updater": "rhel-vex", "name": "CVE-2026-24401", "description": "A flaw was found in Avahi, a system that enables devices to discover services on a local network. A remote attacker can exploit this vulnerability by sending a specially crafted mDNS (multicast Domain Name System) response containing a recursive CNAME (Canonical Name) record. This triggers an uncontrolled recursion within the avahi-daemon process, leading to stack exhaustion and causing the service to crash. This results in a denial of service (DoS) for affected systems.", "issued": "2026-01-24T01:25:02Z", "links": "https://access.redhat.com/security/cve/CVE-2026-24401 https://bugzilla.redhat.com/show_bug.cgi?id=2432534 https://www.cve.org/CVERecord?id=CVE-2026-24401 https://nvd.nist.gov/vuln/detail/CVE-2026-24401 https://github.com/avahi/avahi/commit/78eab31128479f06e30beb8c1cbf99dd921e2524 https://github.com/avahi/avahi/issues/501 https://github.com/avahi/avahi/security/advisories/GHSA-h4vp-5m8j-f6w3 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-24401.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "avahi", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "86unVXyTxdffdcXWZTYw5g==": { "id": "86unVXyTxdffdcXWZTYw5g==", "updater": "rhel-vex", "name": "CVE-2023-0465", "description": "A flaw was found in OpenSSL. Applications that use a non-default option when verifying certificates may be vulnerable to an attack from a malicious CA to circumvent certain checks. OpenSSL and other certificate policy checks silently ignore invalid certificate policies in leaf certificates that are skipped for that certificate. A malicious CA could use this to deliberately assert invalid certificate policies to circumvent policy checking on the certificate altogether. Policy processing is disabled by default but can be enabled by passing the `-policy' argument to the command line utilities or by calling the `X509_VERIFY_PARAM_set1_policies()' function.", "issued": "2023-03-28T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-0465 https://bugzilla.redhat.com/show_bug.cgi?id=2182561 https://www.cve.org/CVERecord?id=CVE-2023-0465 https://nvd.nist.gov/vuln/detail/CVE-2023-0465 https://www.openssl.org/news/secadv/20230328.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0465.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "8D3i4K1ylUr5dGk9imV9zA==": { "id": "8D3i4K1ylUr5dGk9imV9zA==", "updater": "rhel-vex", "name": "CVE-2025-69420", "description": "A flaw was found in OpenSSL. A type confusion vulnerability exists in the TimeStamp Response verification code, where an ASN1_TYPE union member is accessed without proper type validation. A remote attacker can exploit this by providing a malformed TimeStamp Response to an application that verifies timestamp responses. This can lead to an invalid or NULL pointer dereference, resulting in a Denial of Service (DoS) due to an application crash.", "issued": "2026-01-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-69420 https://bugzilla.redhat.com/show_bug.cgi?id=2430388 https://www.cve.org/CVERecord?id=CVE-2025-69420 https://nvd.nist.gov/vuln/detail/CVE-2025-69420 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-69420.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "8I2jFG8JRR+6+eqqYlXhAg==": { "id": "8I2jFG8JRR+6+eqqYlXhAg==", "updater": "rhel-vex", "name": "CVE-2018-20225", "description": "A vulnerability was found in python-pip due to a flaw in the --extra-index-url option, where it installs the version with the highest version number, even if the user intended to obtain a private package from a private index. Exploitation requires that the package does not already exist in the public index, allowing an attacker to place the package there with an arbitrary version number.", "issued": "2020-04-28T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2018-20225 https://bugzilla.redhat.com/show_bug.cgi?id=1835736 https://www.cve.org/CVERecord?id=CVE-2018-20225 https://nvd.nist.gov/vuln/detail/CVE-2018-20225 https://cowlicks.website/posts/arbitrary-code-execution-from-pips-extra-index-url.html https://security.access.redhat.com/data/csaf/v2/vex/2018/cve-2018-20225.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "python-pip", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "8KJb4x3mXgChaQULEsid2A==": { "id": "8KJb4x3mXgChaQULEsid2A==", "updater": "rhel-vex", "name": "CVE-2025-15224", "description": "A flaw was found in libcurl. When doing SSH-based transfers using either SCP or SFTP, and asked to do\npublic key authentication, curl would wrongly still ask and authenticate using\na locally running SSH agent.", "issued": "2026-01-07T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-15224 https://bugzilla.redhat.com/show_bug.cgi?id=2426410 https://www.cve.org/CVERecord?id=CVE-2025-15224 https://nvd.nist.gov/vuln/detail/CVE-2025-15224 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-15224.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "curl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "8Sec+JvKiQWGqYCOBdZhjg==": { "id": "8Sec+JvKiQWGqYCOBdZhjg==", "updater": "rhel-vex", "name": "CVE-2025-5918", "description": "A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.", "issued": "2025-05-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-5918 https://bugzilla.redhat.com/show_bug.cgi?id=2370877 https://www.cve.org/CVERecord?id=CVE-2025-5918 https://nvd.nist.gov/vuln/detail/CVE-2025-5918 https://github.com/libarchive/libarchive/pull/2584 https://github.com/libarchive/libarchive/releases/tag/v3.8.0 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-5918.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libarchive", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "8TgjbHNGzIFm7/fF9DBU7Q==": { "id": "8TgjbHNGzIFm7/fF9DBU7Q==", "updater": "rhel-vex", "name": "CVE-2026-34757", "description": "A flaw was found in libpng, a library used for handling PNG (Portable Network Graphics) image files. This vulnerability arises when an application reuses a pointer, previously obtained from functions like png_get_PLTE, by passing it back to a corresponding setter function within the same image structure. This action causes the setter to access memory that has already been deallocated, leading to a use-after-free condition. A local attacker could potentially exploit this flaw to corrupt image metadata or disclose sensitive information from the application's memory.", "issued": "2026-04-09T14:41:18Z", "links": "https://access.redhat.com/security/cve/CVE-2026-34757 https://bugzilla.redhat.com/show_bug.cgi?id=2456918 https://www.cve.org/CVERecord?id=CVE-2026-34757 https://nvd.nist.gov/vuln/detail/CVE-2026-34757 https://github.com/pnggroup/libpng/commit/398cbe3df03f4e11bb031e07f416dfdde3684e8a https://github.com/pnggroup/libpng/commit/55d20aaa322c9274491cda82c5cd4f99b48c6bcc https://github.com/pnggroup/libpng/issues/836 https://github.com/pnggroup/libpng/issues/837 https://github.com/pnggroup/libpng/security/advisories/GHSA-6fr7-g8h7-v645 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-34757.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "java-17-openjdk", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "8ZxbhBIT+9Mj99/XbMpLSQ==": { "id": "8ZxbhBIT+9Mj99/XbMpLSQ==", "updater": "rhel-vex", "name": "CVE-2024-0232", "description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", "issued": "2023-10-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-0232 https://bugzilla.redhat.com/show_bug.cgi?id=2243754 https://www.cve.org/CVERecord?id=CVE-2024-0232 https://nvd.nist.gov/vuln/detail/CVE-2024-0232 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-0232.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "sqlite", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "8qOJVWAut1+UqTXPOWH12g==": { "id": "8qOJVWAut1+UqTXPOWH12g==", "updater": "rhel-vex", "name": "CVE-2025-8291", "description": "A zip file handling flaw has been discovered in the python standard library `zipfile` module. The 'zipfile' module would not check the validity of the ZIP64 End of Central Directory (EOCD) Locator record offset value would not be used to locate the ZIP64 EOCD record, instead the ZIP64 EOCD record would be assumed to be the previous record in the ZIP archive. This could be abused to create ZIP archives that are handled differently by the 'zipfile' module compared to other ZIP implementations.", "issued": "2025-10-07T18:10:05Z", "links": "https://access.redhat.com/security/cve/CVE-2025-8291 https://bugzilla.redhat.com/show_bug.cgi?id=2402342 https://www.cve.org/CVERecord?id=CVE-2025-8291 https://nvd.nist.gov/vuln/detail/CVE-2025-8291 https://github.com/python/cpython/commit/162997bb70e067668c039700141770687bc8f267 https://github.com/python/cpython/commit/333d4a6f4967d3ace91492a39ededbcf3faa76a6 https://github.com/python/cpython/issues/139700 https://github.com/python/cpython/pull/139702 https://mail.python.org/archives/list/security-announce@python.org/thread/QECOPWMTH4VPPJAXAH2BGTA4XADOP62G/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-8291.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python3", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "8rvqTFlh9aOz4UvxQN0SBQ==": { "id": "8rvqTFlh9aOz4UvxQN0SBQ==", "updater": "rhel-vex", "name": "CVE-2026-3479", "description": "A flaw was found in Python's `pkgutil.get_data()` function, which is used to retrieve data from packages. This function did not properly validate the `resource` argument, allowing a local attacker to perform path traversal attacks. Path traversal enables an attacker to access files and directories stored outside the intended root directory, potentially leading to information disclosure or unintended file access.", "issued": "2026-03-18T18:13:42Z", "links": "https://access.redhat.com/security/cve/CVE-2026-3479 https://bugzilla.redhat.com/show_bug.cgi?id=2448746 https://www.cve.org/CVERecord?id=CVE-2026-3479 https://nvd.nist.gov/vuln/detail/CVE-2026-3479 https://github.com/python/cpython/issues/146121 https://github.com/python/cpython/pull/146122 https://mail.python.org/archives/list/security-announce@python.org/thread/WYLLVQOOCKGK73JM7Z7ZSNOJC4N7BAWY/ https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-3479.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "python3", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "8rxYDEPu2XxazQ3cBUhX0Q==": { "id": "8rxYDEPu2XxazQ3cBUhX0Q==", "updater": "rhel-vex", "name": "CVE-2019-9923", "description": "pax_decode_header in sparse.c in GNU Tar before 1.32 had a NULL pointer dereference when parsing certain archives that have malformed extended headers.", "issued": "2019-01-02T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2019-9923 https://bugzilla.redhat.com/show_bug.cgi?id=1691764 https://www.cve.org/CVERecord?id=CVE-2019-9923 https://nvd.nist.gov/vuln/detail/CVE-2019-9923 https://security.access.redhat.com/data/csaf/v2/vex/2019/cve-2019-9923.json", "severity": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "tar", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "92KuvWwbPhsQNPu0knrHAQ==": { "id": "92KuvWwbPhsQNPu0knrHAQ==", "updater": "rhel-vex", "name": "CVE-2025-6170", "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", "issued": "2025-06-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-6170 https://bugzilla.redhat.com/show_bug.cgi?id=2372952 https://www.cve.org/CVERecord?id=CVE-2025-6170 https://nvd.nist.gov/vuln/detail/CVE-2025-6170 https://gitlab.gnome.org/GNOME/libxml2/-/issues/941 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-6170.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libxml2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "97PwDrD8knMveLXwKCvQjA==": { "id": "97PwDrD8knMveLXwKCvQjA==", "updater": "rhel-vex", "name": "CVE-2026-22795", "description": "A flaw was found in OpenSSL. This type confusion vulnerability allows a remote attacker to cause a Denial of Service (DoS) by tricking a user or application into processing a maliciously crafted PKCS#12 (Personal Information Exchange Syntax Standard) file. The vulnerability leads to an invalid or NULL pointer dereference, resulting in an application crash.", "issued": "2026-01-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-22795 https://bugzilla.redhat.com/show_bug.cgi?id=2430389 https://www.cve.org/CVERecord?id=CVE-2026-22795 https://nvd.nist.gov/vuln/detail/CVE-2026-22795 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-22795.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "9ZCmRufeuC0TKSSi9pcU6g==": { "id": "9ZCmRufeuC0TKSSi9pcU6g==", "updater": "rhel-vex", "name": "CVE-2026-41079", "description": "A flaw was found in CUPS. A network-adjacent attacker can send a specially crafted Simple Network Management Protocol (SNMP) response to the CUPS SNMP backend, leading to an out-of-bounds read. This vulnerability allows for the disclosure of up to 176 bytes of sensitive memory, which is then converted and stored as printer supply description strings. Authenticated users can subsequently view this leaked information through IPP Get-Printer-Attributes responses and the CUPS web interface.", "issued": "2026-04-24T16:54:38Z", "links": "https://access.redhat.com/security/cve/CVE-2026-41079 https://bugzilla.redhat.com/show_bug.cgi?id=2461611 https://www.cve.org/CVERecord?id=CVE-2026-41079 https://nvd.nist.gov/vuln/detail/CVE-2026-41079 https://github.com/OpenPrinting/cups/commit/b7c2525a885f528d243c3a92197ca99609b3f080 https://github.com/OpenPrinting/cups/commit/d7fe0f521ff3b24676511e747b058362b9a20737 https://github.com/OpenPrinting/cups/security/advisories/GHSA-6wpw-g8g6-wvrv https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-41079.json", "severity": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "cups", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "9jHXNtwzqlOir/Op7pd9+w==": { "id": "9jHXNtwzqlOir/Op7pd9+w==", "updater": "rhel-vex", "name": "CVE-2025-68276", "description": "A flaw was found in Avahi, a system that facilitates service discovery on a local network. An unprivileged local user can exploit this vulnerability by creating record browsers with the AVAHI_LOOKUP_USE_WIDE_AREA flag set via D-Bus. This can lead to a Denial of Service (DoS) by crashing the avahi-daemon, making the service unavailable.", "issued": "2026-01-12T17:31:49Z", "links": "https://access.redhat.com/security/cve/CVE-2025-68276 https://bugzilla.redhat.com/show_bug.cgi?id=2428713 https://www.cve.org/CVERecord?id=CVE-2025-68276 https://nvd.nist.gov/vuln/detail/CVE-2025-68276 https://github.com/avahi/avahi/commit/ede7048475c5d47d53890e3bc1350dda8e0b3688 https://github.com/avahi/avahi/pull/806 https://github.com/avahi/avahi/security/advisories/GHSA-mhf3-865v-g5rc https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-68276.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "avahi", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "9oBjtBiHtz7+Hwc4swPaAw==": { "id": "9oBjtBiHtz7+Hwc4swPaAw==", "updater": "rhel-vex", "name": "CVE-2026-34979", "description": "A flaw was found in OpenPrinting CUPS. A remote attacker could exploit a heap-based buffer overflow by sending specially crafted job attributes when building filter option strings. This could lead to a denial of service, making the printing system unavailable.", "issued": "2026-04-03T21:16:38Z", "links": "https://access.redhat.com/security/cve/CVE-2026-34979 https://bugzilla.redhat.com/show_bug.cgi?id=2454946 https://www.cve.org/CVERecord?id=CVE-2026-34979 https://nvd.nist.gov/vuln/detail/CVE-2026-34979 https://github.com/OpenPrinting/cups/security/advisories/GHSA-6qxf-7jx6-86fh https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-34979.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "cups", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "9uK7ZDYgFtqP786n0QunAg==": { "id": "9uK7ZDYgFtqP786n0QunAg==", "updater": "rhel-vex", "name": "CVE-2023-39804", "description": "A flaw was found in tar. This issue occurs when extended attributes are processed in PAX archives, and could allow an attacker to cause an application crash, resulting in a denial of service.", "issued": "2023-12-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-39804 https://bugzilla.redhat.com/show_bug.cgi?id=2254067 https://www.cve.org/CVERecord?id=CVE-2023-39804 https://nvd.nist.gov/vuln/detail/CVE-2023-39804 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-39804.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "tar", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "9zRC9UwUH2bQs1UcHQ5UTQ==": { "id": "9zRC9UwUH2bQs1UcHQ5UTQ==", "updater": "rhel-vex", "name": "CVE-2019-9937", "description": "In SQLite 3.27.2, interleaving reads and writes in a single transaction with an fts5 virtual table will lead to a NULL Pointer Dereference in fts5ChunkIterate in sqlite3.c. This is related to ext/fts5/fts5_hash.c and ext/fts5/fts5_index.c.", "issued": "2019-03-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2019-9937 https://bugzilla.redhat.com/show_bug.cgi?id=1692357 https://www.cve.org/CVERecord?id=CVE-2019-9937 https://nvd.nist.gov/vuln/detail/CVE-2019-9937 https://security.access.redhat.com/data/csaf/v2/vex/2019/cve-2019-9937.json", "severity": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "sqlite", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "A1UDSDMkPKOSx7ma/geQyg==": { "id": "A1UDSDMkPKOSx7ma/geQyg==", "updater": "rhel-vex", "name": "CVE-2025-68468", "description": "A flaw was found in Avahi. A remote attacker can cause a Denial of Service (DoS) by sending specially crafted unsolicited announcements containing CNAME resource records. These records, when pointing to other resource records with short Time-To-Live (TTL) values, can lead to the `avahi-daemon` crashing once they expire. This vulnerability impacts the availability of services relying on Avahi's service discovery.", "issued": "2026-01-12T17:38:10Z", "links": "https://access.redhat.com/security/cve/CVE-2025-68468 https://bugzilla.redhat.com/show_bug.cgi?id=2428714 https://www.cve.org/CVERecord?id=CVE-2025-68468 https://nvd.nist.gov/vuln/detail/CVE-2025-68468 https://github.com/avahi/avahi/commit/f66be13d7f31a3ef806d226bf8b67240179d309a https://github.com/avahi/avahi/issues/683 https://github.com/avahi/avahi/security/advisories/GHSA-cp79-r4x9-vf52 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-68468.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "avahi", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "AE8Cp1u8I9t52OYW7oGU4w==": { "id": "AE8Cp1u8I9t52OYW7oGU4w==", "updater": "rhel-vex", "name": "CVE-2024-57970", "description": "A flaw was found in the libarchive library. A specially-crafted tar file may trigger a head-based buffer over-read condition due to incorrect handling of truncation in the middle of a long GNU linkname. This issue can cause an application crash leading to a denial of service.", "issued": "2025-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-57970 https://bugzilla.redhat.com/show_bug.cgi?id=2345954 https://www.cve.org/CVERecord?id=CVE-2024-57970 https://nvd.nist.gov/vuln/detail/CVE-2024-57970 https://github.com/libarchive/libarchive/issues/2415 https://github.com/libarchive/libarchive/pull/2422 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-57970.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "libarchive", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "AZQ9MHTiNLYiRU7sYZlVGw==": { "id": "AZQ9MHTiNLYiRU7sYZlVGw==", "updater": "rhel-vex", "name": "CVE-2022-4899", "description": "A vulnerability was found in zstd. This flaw allows an attacker to supply an empty string as an argument to the command line tool to cause a buffer overrun.", "issued": "2022-07-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-4899 https://bugzilla.redhat.com/show_bug.cgi?id=2179864 https://www.cve.org/CVERecord?id=CVE-2022-4899 https://nvd.nist.gov/vuln/detail/CVE-2022-4899 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-4899.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "zstd", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "B5eXEM8SeidgdpzXoFJFGQ==": { "id": "B5eXEM8SeidgdpzXoFJFGQ==", "updater": "rhel-vex", "name": "CVE-2026-33636", "description": "A flaw was found in libpng. A remote attacker could exploit an out-of-bounds read and write vulnerability in the ARM/AArch64 Neon-optimized palette expansion path. This occurs when processing a final partial chunk of 8-bit paletted rows without verifying sufficient input pixels, leading to dereferencing pointers before the start of the row buffer and writing expanded pixel data to underflowed positions. This flaw can result in information disclosure and denial of service.", "issued": "2026-03-26T16:51:58Z", "links": "https://access.redhat.com/security/cve/CVE-2026-33636 https://bugzilla.redhat.com/show_bug.cgi?id=2451819 https://www.cve.org/CVERecord?id=CVE-2026-33636 https://nvd.nist.gov/vuln/detail/CVE-2026-33636 https://github.com/pnggroup/libpng/commit/7734cda20cf1236aef60f3bbd2267c97bbb40869 https://github.com/pnggroup/libpng/commit/aba9f18eba870d14fb52c5ba5d73451349e339c3 https://github.com/pnggroup/libpng/security/advisories/GHSA-wjr5-c57x-95m2 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-33636.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "java-17-openjdk", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "BV++s35Ur4bQRS6HK0QCIA==": { "id": "BV++s35Ur4bQRS6HK0QCIA==", "updater": "rhel-vex", "name": "CVE-2026-31789", "description": "A flaw was found in OpenSSL. This vulnerability, a heap buffer overflow, affects 32-bit systems when processing an unusually large X.509 certificate. If an application or service attempts to print or log such a specially crafted certificate, it could lead to a system crash or potentially allow an attacker to execute arbitrary code. This issue is considered low severity due to the specific conditions required for exploitation, including the need for an extremely large certificate and a 32-bit operating environment.", "issued": "2026-04-07T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-31789 https://bugzilla.redhat.com/show_bug.cgi?id=2451095 https://www.cve.org/CVERecord?id=CVE-2026-31789 https://nvd.nist.gov/vuln/detail/CVE-2026-31789 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-31789.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "Bgew407C4GMDdNe8dNeN7w==": { "id": "Bgew407C4GMDdNe8dNeN7w==", "updater": "rhel-vex", "name": "CVE-2024-52615", "description": "A flaw was found in Avahi-daemon, which relies on fixed source ports for wide-area DNS queries. This issue simplifies attacks where malicious DNS responses are injected.", "issued": "2024-11-15T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-52615 https://bugzilla.redhat.com/show_bug.cgi?id=2326418 https://www.cve.org/CVERecord?id=CVE-2024-52615 https://nvd.nist.gov/vuln/detail/CVE-2024-52615 https://github.com/avahi/avahi/pull/577 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-52615.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "avahi", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "BooDzA4nzaDI1l3E5zAHgg==": { "id": "BooDzA4nzaDI1l3E5zAHgg==", "updater": "rhel-vex", "name": "CVE-2021-3997", "description": "A flaw was found in systemd. An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.", "issued": "2022-01-10T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-3997 https://bugzilla.redhat.com/show_bug.cgi?id=2024639 https://www.cve.org/CVERecord?id=CVE-2021-3997 https://nvd.nist.gov/vuln/detail/CVE-2021-3997 https://www.openwall.com/lists/oss-security/2022/01/10/2 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-3997.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "systemd", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "Cz+nwSXEXv91W0XvZNqCqw==": { "id": "Cz+nwSXEXv91W0XvZNqCqw==", "updater": "rhel-vex", "name": "CVE-2026-5435", "description": "A flaw was found in glibc, the GNU C Library. Specifically, deprecated functions responsible for printing TSIG (Transaction Signature) records fail to properly manage memory buffers. This oversight can lead to an out-of-bounds write when processing specially crafted TSIG records. An attacker could exploit this to cause a denial of service or potentially execute arbitrary code.", "issued": "2026-04-28T11:58:54Z", "links": "https://access.redhat.com/security/cve/CVE-2026-5435 https://bugzilla.redhat.com/show_bug.cgi?id=2463465 https://www.cve.org/CVERecord?id=CVE-2026-5435 https://nvd.nist.gov/vuln/detail/CVE-2026-5435 https://inbox.sourceware.org/libc-announce/7a655d55-276f-41fe-b550-feb3ebb2ce91@redhat.com/T/#u https://sourceware.org/bugzilla/show_bug.cgi?id=34033 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-5435.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "DDWmqlxBSfXi2KJJ5mwTNg==": { "id": "DDWmqlxBSfXi2KJJ5mwTNg==", "updater": "rhel-vex", "name": "CVE-2025-60753", "description": "A vulnerability in apply_substitution() function in libarchive's bsdtar allows crafted -s substitution rules to repeatedly match a zero-length substring and append replacements without advancing the input pointer. When the rule uses the global /g flag (or an explicitly empty pattern), this leads to unbounded output allocation and eventual process OOM (Denial of Service). Upgrade to libarchive 3.8.1 or apply a patch that prevents zero-length match loops or rejects empty patterns.", "issued": "2025-11-05T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-60753 https://bugzilla.redhat.com/show_bug.cgi?id=2412648 https://www.cve.org/CVERecord?id=CVE-2025-60753 https://nvd.nist.gov/vuln/detail/CVE-2025-60753 https://github.com/Papya-j/CVE/tree/main/CVE-2025-60753 https://github.com/libarchive/libarchive/issues/2725 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-60753.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libarchive", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "EKs36DFwHVCzU/cF0Be9pQ==": { "id": "EKs36DFwHVCzU/cF0Be9pQ==", "updater": "rhel-vex", "name": "CVE-2023-29499", "description": "A flaw was found in GLib. GVariant deserialization fails to validate that the input conforms to the expected format, leading to denial of service.", "issued": "2022-12-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-29499 https://bugzilla.redhat.com/show_bug.cgi?id=2211828 https://www.cve.org/CVERecord?id=CVE-2023-29499 https://nvd.nist.gov/vuln/detail/CVE-2023-29499 https://gitlab.gnome.org/GNOME/glib/-/issues/2794 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-29499.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "glib2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "EQ4eP3gKo3y8JsWUiWr6+g==": { "id": "EQ4eP3gKo3y8JsWUiWr6+g==", "updater": "rhel-vex", "name": "CVE-2018-1000880", "description": "libarchive version commit 9693801580c0cf7c70e862d305270a16b52826a7 onwards (release v3.2.0 onwards) contains a CWE-20: Improper Input Validation vulnerability in WARC parser - libarchive/archive_read_support_format_warc.c, _warc_read() that can result in DoS - quasi-infinite run time and disk usage from tiny file. This attack appear to be exploitable via the victim must open a specially crafted WARC file.", "issued": "2018-11-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2018-1000880 https://bugzilla.redhat.com/show_bug.cgi?id=1663892 https://www.cve.org/CVERecord?id=CVE-2018-1000880 https://nvd.nist.gov/vuln/detail/CVE-2018-1000880 https://security.access.redhat.com/data/csaf/v2/vex/2018/cve-2018-1000880.json", "severity": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libarchive", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "EiJx6rOT8KoLX+Wu7/N6HQ==": { "id": "EiJx6rOT8KoLX+Wu7/N6HQ==", "updater": "rhel-vex", "name": "CVE-2025-27113", "description": "A flaw was found in libxml2. This vulnerability allows a NULL pointer dereference, leading to a potential crash or denial of service via a crafted XML pattern.", "issued": "2025-02-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-27113 https://bugzilla.redhat.com/show_bug.cgi?id=2346410 https://www.cve.org/CVERecord?id=CVE-2025-27113 https://nvd.nist.gov/vuln/detail/CVE-2025-27113 https://gitlab.gnome.org/GNOME/libxml2/-/issues/861 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-27113.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libxml2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "EiL50P2QSOoRA18XAAH6Pg==": { "id": "EiL50P2QSOoRA18XAAH6Pg==", "updater": "rhel-vex", "name": "CVE-2023-32665", "description": "A flaw was found in GLib. GVariant deserialization is vulnerable to an exponential blowup issue where a crafted GVariant can cause excessive processing, leading to denial of service.", "issued": "2022-12-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-32665 https://bugzilla.redhat.com/show_bug.cgi?id=2211827 https://www.cve.org/CVERecord?id=CVE-2023-32665 https://nvd.nist.gov/vuln/detail/CVE-2023-32665 https://gitlab.gnome.org/GNOME/glib/-/issues/2121 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-32665.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "glib2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "ElIjMFAz33tt/XVMysRkdA==": { "id": "ElIjMFAz33tt/XVMysRkdA==", "updater": "rhel-vex", "name": "CVE-2026-0988", "description": "A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. This can cause application crashes, leading to a Denial of Service (DoS).", "issued": "2026-01-15T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-0988 https://bugzilla.redhat.com/show_bug.cgi?id=2429886 https://www.cve.org/CVERecord?id=CVE-2026-0988 https://nvd.nist.gov/vuln/detail/CVE-2026-0988 https://gitlab.gnome.org/GNOME/glib/-/issues/3851 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-0988.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "glib2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "Elb2DrZLO9/IaIc7rSPVUg==": { "id": "Elb2DrZLO9/IaIc7rSPVUg==", "updater": "rhel-vex", "name": "CVE-2026-40355", "description": "A flaw was found in MIT Kerberos 5 (krb5). An unauthenticated remote attacker can exploit a NULL pointer dereference vulnerability by calling `gss_accept_sec_context()` on a system with a NegoEx mechanism registered. This can lead to the termination of the process, resulting in a Denial of Service (DoS).", "issued": "2026-04-28T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-40355 https://bugzilla.redhat.com/show_bug.cgi?id=2463370 https://www.cve.org/CVERecord?id=CVE-2026-40355 https://nvd.nist.gov/vuln/detail/CVE-2026-40355 https://cems.fun/2026/04/27/krb5-two-unauthenticated-network-vulnerabilities.html https://github.com/krb5/krb5/commit/2e75f0d9362fb979f5fc92829431a590a130929f https://web.mit.edu/kerberos/advisories/ https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-40355.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "krb5", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "FkRDB0vpJYeh2ipqLS0/Iw==": { "id": "FkRDB0vpJYeh2ipqLS0/Iw==", "updater": "rhel-vex", "name": "CVE-2025-28164", "description": "A flaw was found in libpng. This buffer overflow vulnerability allows a local attacker to cause a denial of service (DoS) by exploiting the `png_create_read_struct()` function. This can lead to the affected system becoming unresponsive or crashing.", "issued": "2026-01-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-28164 https://bugzilla.redhat.com/show_bug.cgi?id=2433398 https://www.cve.org/CVERecord?id=CVE-2025-28164 https://nvd.nist.gov/vuln/detail/CVE-2025-28164 https://gist.github.com/kittener/506516f8c22178005b4379c8b2a7de20 https://github.com/pnggroup/libpng/issues/655 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-28164.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "java-17-openjdk", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "Fp999hDC/lucBsNHwOlp/A==": { "id": "Fp999hDC/lucBsNHwOlp/A==", "updater": "rhel-vex", "name": "CVE-2024-13176", "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.", "issued": "2025-01-20T13:29:57Z", "links": "https://access.redhat.com/security/cve/CVE-2024-13176 https://bugzilla.redhat.com/show_bug.cgi?id=2338999 https://www.cve.org/CVERecord?id=CVE-2024-13176 https://nvd.nist.gov/vuln/detail/CVE-2024-13176 https://www.oracle.com/security-alerts/cpuapr2025.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-13176.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "G7IyfoPhe9f8QzIGbOfn7Q==": { "id": "G7IyfoPhe9f8QzIGbOfn7Q==", "updater": "rhel-vex", "name": "CVE-2023-45322", "description": "A flaw was found in libxml2. In an out-of-memory condition or when limiting the memory allocation, processing a XML document using the HTML parser may result in a use-after-free vulnerability.", "issued": "2023-08-23T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-45322 https://bugzilla.redhat.com/show_bug.cgi?id=2242945 https://www.cve.org/CVERecord?id=CVE-2023-45322 https://nvd.nist.gov/vuln/detail/CVE-2023-45322 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45322.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "libxml2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "H2CablNBrQ/I5AsUjk5xyw==": { "id": "H2CablNBrQ/I5AsUjk5xyw==", "updater": "rhel-vex", "name": "CVE-2018-20839", "description": "systemd 242 changes the VT1 mode upon a logout, which allows attackers to read cleartext passwords in certain circumstances, such as watching a shutdown, or using Ctrl-Alt-F1 and Ctrl-Alt-F2. This occurs because the KDGKBMODE (aka current keyboard mode) check is mishandled.", "issued": "2019-05-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2018-20839 https://bugzilla.redhat.com/show_bug.cgi?id=1716955 https://www.cve.org/CVERecord?id=CVE-2018-20839 https://nvd.nist.gov/vuln/detail/CVE-2018-20839 https://security.access.redhat.com/data/csaf/v2/vex/2018/cve-2018-20839.json", "severity": "CVSS:3.0/AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "systemd", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "H9Ud41wofJc/QlL6Rm7WkA==": { "id": "H9Ud41wofJc/QlL6Rm7WkA==", "updater": "rhel-vex", "name": "CVE-2026-0968", "description": "A flaw was found in libssh in which a malicious SFTP (SSH File Transfer Protocol) server can exploit this by sending a malformed 'longname' field within an `SSH_FXP_NAME` message during a file listing operation. This missing null check can lead to reading beyond allocated memory on the heap. This can cause unexpected behavior or lead to a denial of service (DoS) due to application crashes.", "issued": "2026-02-10T18:46:58Z", "links": "https://access.redhat.com/security/cve/CVE-2026-0968 https://bugzilla.redhat.com/show_bug.cgi?id=2436982 https://www.cve.org/CVERecord?id=CVE-2026-0968 https://nvd.nist.gov/vuln/detail/CVE-2026-0968 https://www.libssh.org/2026/02/10/libssh-0-12-0-and-0-11-4-security-releases/ https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-0968.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libssh", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "HB9r/GLycEmk6aXttwtBlw==": { "id": "HB9r/GLycEmk6aXttwtBlw==", "updater": "rhel-vex", "name": "CVE-2025-11468", "description": "Missing character filtering has been discovered in Python. When folding a long comment in an email header containing exclusively unfoldable characters, the parenthesis would not be preserved. This could be used for injecting headers into email messages where addresses are user-controlled and not sanitized.", "issued": "2026-01-20T21:09:11Z", "links": "https://access.redhat.com/security/cve/CVE-2025-11468 https://bugzilla.redhat.com/show_bug.cgi?id=2431375 https://www.cve.org/CVERecord?id=CVE-2025-11468 https://nvd.nist.gov/vuln/detail/CVE-2025-11468 https://github.com/python/cpython/issues/143935 https://github.com/python/cpython/pull/143936 https://mail.python.org/archives/list/security-announce@python.org/thread/FELSEOLBI2QR6YLG6Q7VYF7FWSGQTKLI/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-11468.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python3", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "HKrLnQyTw1292mNt3MQ0aQ==": { "id": "HKrLnQyTw1292mNt3MQ0aQ==", "updater": "rhel-vex", "name": "CVE-2024-7592", "description": "A flaw was found in the `http.cookies` module in the Python package. When parsing cookies that contain backslashes, under certain circumstances, the module uses an algorithm with quadratic complexity, leading to excessive CPU consumption.", "issued": "2024-08-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-7592 https://bugzilla.redhat.com/show_bug.cgi?id=2305879 https://www.cve.org/CVERecord?id=CVE-2024-7592 https://nvd.nist.gov/vuln/detail/CVE-2024-7592 https://github.com/python/cpython/issues/123067 https://github.com/python/cpython/pull/123075 https://mail.python.org/archives/list/security-announce@python.org/thread/HXJAAAALNUNGCQUS2W7WR6GFIZIHFOOK/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7592.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "python3", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "HNpGGr9eP5twQKC3yCh1mA==": { "id": "HNpGGr9eP5twQKC3yCh1mA==", "updater": "rhel-vex", "name": "CVE-2025-5915", "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", "issued": "2025-05-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-5915 https://bugzilla.redhat.com/show_bug.cgi?id=2370865 https://www.cve.org/CVERecord?id=CVE-2025-5915 https://nvd.nist.gov/vuln/detail/CVE-2025-5915 https://github.com/libarchive/libarchive/pull/2599 https://github.com/libarchive/libarchive/releases/tag/v3.8.0 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-5915.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "libarchive", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "HTk+AAyRWNCrZTtBLx34Aw==": { "id": "HTk+AAyRWNCrZTtBLx34Aw==", "updater": "rhel-vex", "name": "CVE-2024-25260", "description": "A NULL pointer dereference vulnerability in the elfutils library has been discovered. This vulnerability occurs within the handle_verdef() function in the readelf.c source file. A NULL pointer dereference typically happens when a program attempts to access memory using a pointer that is not pointing anywhere (i.e., it's NULL), leading to a crash or potentially exploitable behavior.", "issued": "2024-02-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-25260 https://bugzilla.redhat.com/show_bug.cgi?id=2265194 https://www.cve.org/CVERecord?id=CVE-2024-25260 https://nvd.nist.gov/vuln/detail/CVE-2024-25260 https://github.com/schsiung/fuzzer_issues/issues/1 https://sourceware.org/bugzilla/show_bug.cgi?id=31058 https://sourceware.org/elfutils/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-25260.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "elfutils", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "HdAyLUATPStr/HXiy9fgQw==": { "id": "HdAyLUATPStr/HXiy9fgQw==", "updater": "rhel-vex", "name": "CVE-2026-0990", "description": "A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI function when an XML catalog contains a delegate URI entry that references itself. A remote attacker could exploit this configuration-dependent issue by providing a specially crafted XML catalog, leading to infinite recursion and call stack exhaustion. This ultimately results in a segmentation fault, causing a Denial of Service (DoS) by crashing affected applications.", "issued": "2026-01-15T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-0990 https://bugzilla.redhat.com/show_bug.cgi?id=2429959 https://www.cve.org/CVERecord?id=CVE-2026-0990 https://nvd.nist.gov/vuln/detail/CVE-2026-0990 https://gitlab.gnome.org/GNOME/libxml2/-/issues/1018 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-0990.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libxml2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "HuLJLN6ajygY/CpLyzV5lw==": { "id": "HuLJLN6ajygY/CpLyzV5lw==", "updater": "rhel-vex", "name": "CVE-2023-45803", "description": "A flaw was found in urllib3, an HTTP client library for Python. urllib3 doesn't remove the HTTP request body when an HTTP redirect response using status 301, 302, or 303, after changing the method in a request from one that could accept a request body such as `POST` to `GET`, as is required by HTTP RFCs. This issue requires a previously trusted service to become compromised in order to have an impact on confidentiality, therefore, the exploitability of this vulnerability is low. Additionally, many users aren't putting sensitive data in HTTP request bodies; if this is the case, this vulnerability isn't exploitable.", "issued": "2023-10-13T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-45803 https://bugzilla.redhat.com/show_bug.cgi?id=2246840 https://www.cve.org/CVERecord?id=CVE-2023-45803 https://nvd.nist.gov/vuln/detail/CVE-2023-45803 https://github.com/urllib3/urllib3/commit/4e98d57809dacab1cbe625fddeec1a290c478ea9 https://github.com/urllib3/urllib3/security/advisories/GHSA-g4mx-q9vg-27p4 https://www.rfc-editor.org/rfc/rfc9110.html#name-get https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45803.json", "severity": "CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python-pip", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "HuOxI+pWjgGV0XsBvltzlg==": { "id": "HuOxI+pWjgGV0XsBvltzlg==", "updater": "rhel-vex", "name": "CVE-2020-19187", "description": "A flaw was found in the ncurses library. This issue occurs when processing a crafted terminfo database, causing a heap-based buffer overflow, resulting in an application crash, leading to a denial of service.", "issued": "2019-05-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2020-19187 https://bugzilla.redhat.com/show_bug.cgi?id=2234911 https://www.cve.org/CVERecord?id=CVE-2020-19187 https://nvd.nist.gov/vuln/detail/CVE-2020-19187 https://security.access.redhat.com/data/csaf/v2/vex/2020/cve-2020-19187.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "ncurses", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "I31WPu2ZGWOsqloSJfE2Fg==": { "id": "I31WPu2ZGWOsqloSJfE2Fg==", "updater": "rhel-vex", "name": "CVE-2026-25646", "description": "A heap based buffer overflow flaw has been discovered in LibPNG. Prior to version 1.6.55, an out-of-bounds read vulnerability exists in the png_set_quantize() API function. When the function is called with no histogram and the number of colors in the palette is more than twice the maximum supported by the user's display, certain palettes will cause the function to enter into an infinite loop that reads past the end of an internal heap-allocated buffer. The images that trigger this vulnerability are valid per the PNG specification.", "issued": "2026-02-10T17:04:38Z", "links": "https://access.redhat.com/security/cve/CVE-2026-25646 https://bugzilla.redhat.com/show_bug.cgi?id=2438542 https://www.cve.org/CVERecord?id=CVE-2026-25646 https://nvd.nist.gov/vuln/detail/CVE-2026-25646 http://www.openwall.com/lists/oss-security/2026/02/09/7 https://github.com/pnggroup/libpng/commit/01d03b8453eb30ade759cd45c707e5a1c7277d88 https://github.com/pnggroup/libpng/security/advisories/GHSA-g8hp-mq4h-rqm3 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-25646.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H", "normalized_severity": "High", "package": { "id": "", "name": "java-17-openjdk", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "IItHEdPWz5fl9O7ZhzjDAA==": { "id": "IItHEdPWz5fl9O7ZhzjDAA==", "updater": "rhel-vex", "name": "CVE-2026-0672", "description": "An injection flaw has been discovered in Python. When using http.cookies.Morsel, user-controlled cookie values and parameters can allow injecting HTTP headers into messages. Patch rejects all control characters within cookie names, values, and parameters.", "issued": "2026-01-20T21:52:33Z", "links": "https://access.redhat.com/security/cve/CVE-2026-0672 https://bugzilla.redhat.com/show_bug.cgi?id=2431374 https://www.cve.org/CVERecord?id=CVE-2026-0672 https://nvd.nist.gov/vuln/detail/CVE-2026-0672 https://github.com/python/cpython/issues/143919 https://github.com/python/cpython/pull/143920 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-0672.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python3", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "J5qRb3W5uqqCGngAp6UZrg==": { "id": "J5qRb3W5uqqCGngAp6UZrg==", "updater": "rhel-vex", "name": "CVE-2026-5450", "description": "A flaw was found in glibc (GNU C Library). This vulnerability occurs when an application uses the `scanf` family of functions with a `%mc` format specifier, which is used for dynamically allocating memory for character input, and provides an explicit width greater than 1024. This specific combination can lead to a one-byte heap buffer overflow, potentially allowing an attacker to corrupt memory.", "issued": "2026-04-20T20:55:41Z", "links": "https://access.redhat.com/security/cve/CVE-2026-5450 https://bugzilla.redhat.com/show_bug.cgi?id=2459853 https://www.cve.org/CVERecord?id=CVE-2026-5450 https://nvd.nist.gov/vuln/detail/CVE-2026-5450 https://inbox.sourceware.org/libc-announce/b11f0003-6ec1-4bd6-b9de-9e38a4efeca3@redhat.com/T/#u https://nvd.nist.gov/vuln/detail/CVE-2026-5450#range-21286997 https://sourceware.org/bugzilla/show_bug.cgi?id=CVE-2026-5450 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-5450.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "K3eafQ/8P8PEZ3BPWZfCgg==": { "id": "K3eafQ/8P8PEZ3BPWZfCgg==", "updater": "rhel-vex", "name": "CVE-2026-27447", "description": "A flaw was found in OpenPrinting CUPS. This authorization bypass vulnerability allows an unprivileged user to gain unauthorized access to restricted operations. This can be exploited by using a username that differs only in case from an authorized user during authorization checks.", "issued": "2026-04-03T21:11:59Z", "links": "https://access.redhat.com/security/cve/CVE-2026-27447 https://bugzilla.redhat.com/show_bug.cgi?id=2454949 https://www.cve.org/CVERecord?id=CVE-2026-27447 https://nvd.nist.gov/vuln/detail/CVE-2026-27447 https://github.com/OpenPrinting/cups/commit/88516bf6d9e34cef7a64a704b856b837f70cd220 https://github.com/OpenPrinting/cups/security/advisories/GHSA-v987-m8hp-phj9 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-27447.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "cups", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "KCgCqCavM9U0xL+GHJqzSg==": { "id": "KCgCqCavM9U0xL+GHJqzSg==", "updater": "rhel-vex", "name": "CVE-2026-0964", "description": "A malicious SCP server can send unexpected paths that could make the\nclient application override local files outside of working directory.\nThis could be misused to create malicious executable or configuration\nfiles and make the user execute them under specific consequences.\n\nThis is the same issue as in OpenSSH, tracked as CVE-2019-6111.", "issued": "2026-02-10T18:44:42Z", "links": "https://access.redhat.com/security/cve/CVE-2026-0964 https://bugzilla.redhat.com/show_bug.cgi?id=2436979 https://www.cve.org/CVERecord?id=CVE-2026-0964 https://nvd.nist.gov/vuln/detail/CVE-2026-0964 https://www.libssh.org/2026/02/10/libssh-0-12-0-and-0-11-4-security-releases/ https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-0964.json", "severity": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "libssh", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "KExChYIaW0MvXNLWbjS/Hw==": { "id": "KExChYIaW0MvXNLWbjS/Hw==", "updater": "rhel-vex", "name": "CVE-2026-41080", "description": "A flaw was found in libexpat. A remote attacker could exploit this vulnerability by providing a specially crafted XML document that leverages insufficient entropy in the hash function. This can lead to hash flooding, a type of Denial of Service (DoS) attack, where the system becomes unresponsive or crashes due to excessive resource consumption.", "issued": "2026-04-16T16:52:01Z", "links": "https://access.redhat.com/security/cve/CVE-2026-41080 https://bugzilla.redhat.com/show_bug.cgi?id=2458967 https://www.cve.org/CVERecord?id=CVE-2026-41080 https://nvd.nist.gov/vuln/detail/CVE-2026-41080 https://github.com/libexpat/libexpat/issues/47 https://github.com/libexpat/libexpat/pull/1183 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-41080.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "expat", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "KaROgE0QmtiOixMG9Wi1RA==": { "id": "KaROgE0QmtiOixMG9Wi1RA==", "updater": "rhel-vex", "name": "CVE-2023-32636", "description": "A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499.", "issued": "2022-12-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-32636 https://bugzilla.redhat.com/show_bug.cgi?id=2211833 https://www.cve.org/CVERecord?id=CVE-2023-32636 https://nvd.nist.gov/vuln/detail/CVE-2023-32636 https://discourse.gnome.org/t/multiple-fixes-for-gvariant-normalisation-issues-in-glib/12835 https://gitlab.gnome.org/GNOME/glib/-/issues/2841 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-32636.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "glib2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "L3k0cIIlkMGQFiWnZm8Mlg==": { "id": "L3k0cIIlkMGQFiWnZm8Mlg==", "updater": "rhel-vex", "name": "CVE-2025-12781", "description": "A flaw was found in the base64 module in the Python standard library. The b64decode, standard_b64decode and urlsafe_b64decode functions will always accept the '+' and '/' characters even when an alternative base64 alphabet is specified via the altchars parameter that excludes them. This input validation bypass allows malformed or unexpected data to pass through decoding filters, potentially causing logical errors or data integrity issues in applications relying on strict character sets.", "issued": "2026-01-21T19:34:47Z", "links": "https://access.redhat.com/security/cve/CVE-2025-12781 https://bugzilla.redhat.com/show_bug.cgi?id=2431736 https://www.cve.org/CVERecord?id=CVE-2025-12781 https://nvd.nist.gov/vuln/detail/CVE-2025-12781 https://github.com/python/cpython/issues/125346 https://github.com/python/cpython/pull/141128 https://mail.python.org/archives/list/security-announce@python.org/thread/KRI7GC6S27YV5NJ4FPDALS2WI5ENAFJ6/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-12781.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python3", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "L7QbkTbsy8v3tMfOqNsVKQ==": { "id": "L7QbkTbsy8v3tMfOqNsVKQ==", "updater": "rhel-vex", "name": "CVE-2024-7531", "description": "The Mozilla Foundation Security Advisory describes this flaw as:\n\nCalling PK11_Encrypt() in NSS using CKM_CHACHA20 and the same buffer for input and output can result in plaintext on Intel Sandy Bridge and later processors. In Firefox this only affects the QUIC header protection feature when the connection is using the ChaCha20-Poly1305 cipher suite. The most likely outcome is connection failure, but if the connection persists despite the high packet loss it could be possible for a network observer to identify packets as coming from the same source despite a network path change.", "issued": "2024-08-06T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-7531 https://bugzilla.redhat.com/show_bug.cgi?id=2303148 https://www.cve.org/CVERecord?id=CVE-2024-7531 https://nvd.nist.gov/vuln/detail/CVE-2024-7531 https://www.mozilla.org/en-US/security/advisories/mfsa2024-34/#CVE-2024-7531 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7531.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "nss", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "LTmcTrhW8bJGvJXJVPjm/g==": { "id": "LTmcTrhW8bJGvJXJVPjm/g==", "updater": "rhel-vex", "name": "CVE-2026-24515", "description": "A null pointer dereference flaw has been discovered in libexpat. The function `XML_ExternalEntityParserCreate` failed to copy the encoding handler data passed to XML_SetUnknownEncodingHandler from the parent to the new subparser. This can cause a NULL dereference from external entities that declare use of an unknown encoding. The expected impact is denial of service. It takes use of both functions `XML_ExternalEntityParserCreate` and `XML_SetUnknownEncodingHandler` for an application to be vulnerable.", "issued": "2026-01-23T07:46:36Z", "links": "https://access.redhat.com/security/cve/CVE-2026-24515 https://bugzilla.redhat.com/show_bug.cgi?id=2432312 https://www.cve.org/CVERecord?id=CVE-2026-24515 https://nvd.nist.gov/vuln/detail/CVE-2026-24515 https://github.com/libexpat/libexpat/pull/1131 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-24515.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "expat", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "LWLSX4FCLbzYWK97i5Or+A==": { "id": "LWLSX4FCLbzYWK97i5Or+A==", "updater": "rhel-vex", "name": "CVE-2026-28389", "description": "A flaw was found in OpenSSL. A remote attacker could exploit this by sending a specially crafted Cryptographic Message Syntax (CMS) EnvelopedData message with KeyAgreeRecipientInfo. This vulnerability arises because the software attempts to process an optional field without verifying its existence, leading to a NULL pointer dereference. This can result in a Denial of Service (DoS) for applications that handle untrusted CMS data.", "issued": "2026-04-07T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-28389 https://bugzilla.redhat.com/show_bug.cgi?id=2451096 https://www.cve.org/CVERecord?id=CVE-2026-28389 https://nvd.nist.gov/vuln/detail/CVE-2026-28389 https://openssl-library.org/news/secadv/20260407.txt https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-28389.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "Lt2Hg7sVYgz0GD7ldFmjjA==": { "id": "Lt2Hg7sVYgz0GD7ldFmjjA==", "updater": "rhel-vex", "name": "CVE-2026-32777", "description": "A flaw was found in libexpat. A remote attacker could exploit this vulnerability by providing specially crafted Document Type Definition (DTD) content. This could lead to an infinite loop during parsing, resulting in a Denial of Service (DoS) for the application using libexpat.", "issued": "2026-03-16T06:58:06Z", "links": "https://access.redhat.com/security/cve/CVE-2026-32777 https://bugzilla.redhat.com/show_bug.cgi?id=2447890 https://www.cve.org/CVERecord?id=CVE-2026-32777 https://nvd.nist.gov/vuln/detail/CVE-2026-32777 https://github.com/libexpat/libexpat/issues/1161 https://github.com/libexpat/libexpat/pull/1159 https://github.com/libexpat/libexpat/pull/1162 https://issues.oss-fuzz.com/issues/486993411 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-32777.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "expat", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "MRnBR1NwPejsF0F/Po53Ew==": { "id": "MRnBR1NwPejsF0F/Po53Ew==", "updater": "rhel-vex", "name": "CVE-2019-8905", "description": "do_core_note in readelf.c in libmagic.a in file 5.35 has a stack-based buffer over-read, related to file_printable, a different vulnerability than CVE-2018-10360.", "issued": "2019-02-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2019-8905 https://bugzilla.redhat.com/show_bug.cgi?id=1679181 https://www.cve.org/CVERecord?id=CVE-2019-8905 https://nvd.nist.gov/vuln/detail/CVE-2019-8905 https://security.access.redhat.com/data/csaf/v2/vex/2019/cve-2019-8905.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "file", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "MW3KGjkk7BWuR5JCc6cywg==": { "id": "MW3KGjkk7BWuR5JCc6cywg==", "updater": "rhel-vex", "name": "CVE-2024-52616", "description": "A flaw was found in the Avahi-daemon, where it initializes DNS transaction IDs randomly only once at startup, incrementing them sequentially after that. This predictable behavior facilitates DNS spoofing attacks, allowing attackers to guess transaction IDs.", "issued": "2024-11-15T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-52616 https://bugzilla.redhat.com/show_bug.cgi?id=2326429 https://www.cve.org/CVERecord?id=CVE-2024-52616 https://nvd.nist.gov/vuln/detail/CVE-2024-52616 https://github.com/avahi/avahi/pull/577 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-52616.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "avahi", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "O6eQrDqYe8zCvECWFMIzFQ==": { "id": "O6eQrDqYe8zCvECWFMIzFQ==", "updater": "rhel-vex", "name": "CVE-2019-8906", "description": "do_core_note in readelf.c in libmagic.a in file 5.35 has an out-of-bounds read because memcpy is misused.", "issued": "2019-01-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2019-8906 https://bugzilla.redhat.com/show_bug.cgi?id=1679175 https://www.cve.org/CVERecord?id=CVE-2019-8906 https://nvd.nist.gov/vuln/detail/CVE-2019-8906 https://security.access.redhat.com/data/csaf/v2/vex/2019/cve-2019-8906.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "file", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "O8fIVXqcGshIonMWsEH9gA==": { "id": "O8fIVXqcGshIonMWsEH9gA==", "updater": "rhel-vex", "name": "CVE-2025-5916", "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", "issued": "2025-05-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-5916 https://bugzilla.redhat.com/show_bug.cgi?id=2370872 https://www.cve.org/CVERecord?id=CVE-2025-5916 https://nvd.nist.gov/vuln/detail/CVE-2025-5916 https://github.com/libarchive/libarchive/pull/2568 https://github.com/libarchive/libarchive/releases/tag/v3.8.0 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-5916.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libarchive", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "OFdQC3/0S5rItoyqpACTFw==": { "id": "OFdQC3/0S5rItoyqpACTFw==", "updater": "rhel-vex", "name": "CVE-2026-4224", "description": "A stack overflow flaw has been discovered in the python pyexpat module. When an Expat parser with a registered ElementDeclHandler parses an inline document type definition containing a deeply nested content model a C stack overflow occurs. This will result in a program crash.", "issued": "2026-03-16T17:52:26Z", "links": "https://access.redhat.com/security/cve/CVE-2026-4224 https://bugzilla.redhat.com/show_bug.cgi?id=2448181 https://www.cve.org/CVERecord?id=CVE-2026-4224 https://nvd.nist.gov/vuln/detail/CVE-2026-4224 https://github.com/python/cpython/commit/196edfb06a7458377d4d0f4b3cd41724c1f3bd4a https://github.com/python/cpython/commit/e0a8a6da90597a924b300debe045cdb4628ee1f3 https://github.com/python/cpython/commit/eb0e8be3a7e11b87d198a2c3af1ed0eccf532768 https://github.com/python/cpython/issues/145986 https://github.com/python/cpython/pull/145987 https://mail.python.org/archives/list/security-announce@python.org/thread/5M7CGUW3XBRY7II4DK43KF7NQQ3TPZ6R/ https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-4224.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "python3", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "OGfYu06hscS+jx5HR8e1UQ==": { "id": "OGfYu06hscS+jx5HR8e1UQ==", "updater": "rhel-vex", "name": "CVE-2026-33845", "description": "A flaw in GnuTLS DTLS handshake parsing allows malformed fragments with zero length and non-zero offset, leading to an integer underflow during reassembly and resulting in an out-of-bounds read. This issue is remotely exploitable and may cause information disclosure or denial of service.", "issued": "2026-04-30T17:28:41Z", "links": "https://access.redhat.com/security/cve/CVE-2026-33845 https://bugzilla.redhat.com/show_bug.cgi?id=2450624 https://www.cve.org/CVERecord?id=CVE-2026-33845 https://nvd.nist.gov/vuln/detail/CVE-2026-33845 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-33845.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "gnutls", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "OLKvdPVgT9/lPcflJTxE3Q==": { "id": "OLKvdPVgT9/lPcflJTxE3Q==", "updater": "rhel-vex", "name": "CVE-2025-68160", "description": "A flaw was found in OpenSSL. This vulnerability involves an out-of-bounds write in the line-buffering BIO filter, which can lead to memory corruption. While exploitation is unlikely to be under direct attacker control, a successful attack could cause an application to crash, resulting in a Denial of Service (DoS).", "issued": "2026-01-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-68160 https://bugzilla.redhat.com/show_bug.cgi?id=2430380 https://www.cve.org/CVERecord?id=CVE-2025-68160 https://nvd.nist.gov/vuln/detail/CVE-2025-68160 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-68160.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "OPNDKUsVLJt2v1gO1zvkBA==": { "id": "OPNDKUsVLJt2v1gO1zvkBA==", "updater": "rhel-vex", "name": "CVE-2025-1632", "description": "A flaw was found in the bsdunzip utility of libarchive. In affected versions, a specially crafted file may trigger a null pointer dereference. This issue can lead to an application crash or other unexpected behavior. This bug does not compromise the integrity or availability of the base system.", "issued": "2025-02-24T13:31:08Z", "links": "https://access.redhat.com/security/cve/CVE-2025-1632 https://bugzilla.redhat.com/show_bug.cgi?id=2347309 https://www.cve.org/CVERecord?id=CVE-2025-1632 https://nvd.nist.gov/vuln/detail/CVE-2025-1632 https://github.com/Ekkosun/pocs/blob/main/bsdunzip-poc https://vuldb.com/?ctiid.296619 https://vuldb.com/?id.296619 https://vuldb.com/?submit.496460 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-1632.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libarchive", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "OTZM0RD60ajdSeEqWGkkTw==": { "id": "OTZM0RD60ajdSeEqWGkkTw==", "updater": "rhel-vex", "name": "CVE-2026-26740", "description": "A flaw was found in giflib. A remote attacker can exploit a buffer overflow vulnerability in the EGifGCBToExtension function by providing a specially crafted Graphics Control Extension (GCE) block. This allows overwriting an existing GCE block without proper size validation, leading to a denial of service (DoS) on the system.", "issued": "2026-03-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-26740 https://bugzilla.redhat.com/show_bug.cgi?id=2448747 https://www.cve.org/CVERecord?id=CVE-2026-26740 https://nvd.nist.gov/vuln/detail/CVE-2026-26740 https://github.com/zakkanijia/POC/blob/main/giflib/giftool/giflib_giftool_gce_len_heap_oobwrite_disclosure.md https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-26740.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "java-17-openjdk", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "OgFGrvrnAoXXvapnatTrxQ==": { "id": "OgFGrvrnAoXXvapnatTrxQ==", "updater": "rhel-vex", "name": "CVE-2026-0965", "description": "A flaw was found in libssh where it can attempt to open arbitrary files during configuration parsing. A local attacker can exploit this by providing a malicious configuration file or when the system is misconfigured. This vulnerability could lead to a Denial of Service (DoS) by causing the system to try and access dangerous files, such as block devices or large system files, which can disrupt normal operations.", "issued": "2026-02-10T18:47:22Z", "links": "https://access.redhat.com/security/cve/CVE-2026-0965 https://bugzilla.redhat.com/show_bug.cgi?id=2436980 https://www.cve.org/CVERecord?id=CVE-2026-0965 https://nvd.nist.gov/vuln/detail/CVE-2026-0965 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-0965.json", "severity": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libssh", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "Oi3Y6I7JDcoQrQyH+jMXWw==": { "id": "Oi3Y6I7JDcoQrQyH+jMXWw==", "updater": "rhel-vex", "name": "CVE-2025-14087", "description": "A flaw was found in GLib (Gnome Lib). This vulnerability allows a remote attacker to cause heap corruption, leading to a denial of service or potential code execution via a buffer-underflow in the GVariant parser when processing maliciously crafted input strings.", "issued": "2025-12-05T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-14087 https://bugzilla.redhat.com/show_bug.cgi?id=2419093 https://www.cve.org/CVERecord?id=CVE-2025-14087 https://nvd.nist.gov/vuln/detail/CVE-2025-14087 https://gitlab.gnome.org/GNOME/glib/-/issues/3834 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-14087.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "glib2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "OpUahpCA4oBceG962KxTMA==": { "id": "OpUahpCA4oBceG962KxTMA==", "updater": "rhel-vex", "name": "CVE-2026-22796", "description": "A flaw was found in OpenSSL. This type confusion vulnerability allows a remote attacker to cause a denial of service (DoS) by providing specially crafted PKCS#7 data to an application that performs signature verification. The vulnerability occurs because the application accesses an ASN1_TYPE union member without proper type validation, leading to an invalid or NULL pointer dereference and a crash.", "issued": "2026-01-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-22796 https://bugzilla.redhat.com/show_bug.cgi?id=2430390 https://www.cve.org/CVERecord?id=CVE-2026-22796 https://nvd.nist.gov/vuln/detail/CVE-2026-22796 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-22796.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "PcNbuWOo0ahqjfbOQhXvvQ==": { "id": "PcNbuWOo0ahqjfbOQhXvvQ==", "updater": "rhel-vex", "name": "CVE-2024-41996", "description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", "issued": "2024-08-26T06:15:04Z", "links": "https://access.redhat.com/security/cve/CVE-2024-41996 https://bugzilla.redhat.com/show_bug.cgi?id=2307826 https://www.cve.org/CVERecord?id=CVE-2024-41996 https://nvd.nist.gov/vuln/detail/CVE-2024-41996 https://dheatattack.gitlab.io/details/ https://dheatattack.gitlab.io/faq/ https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1 https://github.com/openssl/openssl/issues/17374 https://openssl-library.org/post/2022-10-21-tls-groups-configuration/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-41996.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "Pe4IHqZpuBtuSkrgd2HMEg==": { "id": "Pe4IHqZpuBtuSkrgd2HMEg==", "updater": "rhel-vex", "name": "CVE-2025-13034", "description": "A flaw was found in curl. When configured to use public key pinning with QUIC connections and GnuTLS, and with standard certificate verification explicitly disabled, curl could bypass the intended public key check. This oversight allows a malicious server to impersonate a legitimate one, potentially leading to unauthorized access or information disclosure due to a failure in verifying the server's identity.", "issued": "2026-01-07T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-13034 https://bugzilla.redhat.com/show_bug.cgi?id=2426406 https://www.cve.org/CVERecord?id=CVE-2025-13034 https://nvd.nist.gov/vuln/detail/CVE-2025-13034 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-13034.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "curl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "Q5xJp4zJ1MCYcYbDi9qrdQ==": { "id": "Q5xJp4zJ1MCYcYbDi9qrdQ==", "updater": "rhel-vex", "name": "CVE-2026-25068", "description": "alsa-lib versions 1.2.2 up to and including 1.2.15.2, prior to commit 5f7fe33, contain a heap-based buffer overflow in the topology mixer control decoder. The tplg_decode_control_mixer1() function reads the num_channels field from untrusted .tplg data and uses it as a loop bound without validating it against the fixed-size channel array (SND_TPLG_MAX_CHAN). A crafted topology file with an excessive num_channels value can cause out-of-bounds heap writes, leading to a crash.", "issued": "2026-01-29T19:08:03Z", "links": "https://access.redhat.com/security/cve/CVE-2026-25068 https://bugzilla.redhat.com/show_bug.cgi?id=2435372 https://www.cve.org/CVERecord?id=CVE-2026-25068 https://nvd.nist.gov/vuln/detail/CVE-2026-25068 https://github.com/alsa-project/alsa-lib/commit/5f7fe33002d2d98d84f72e381ec2cccc0d5d3d40 https://www.vulncheck.com/advisories/alsa-lib-topology-decoder-heap-based-buffer-overflow https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-25068.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "alsa-lib", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "QSNBg/XspHcBwSxBTMU4rg==": { "id": "QSNBg/XspHcBwSxBTMU4rg==", "updater": "rhel-vex", "name": "CVE-2025-50181", "description": "A flaw was found in urllib3. The `PoolManager` class allows redirects to be disabled by configuring retries in a specific manner, effectively bypassing intended HTTP redirection behavior. A network attacker can leverage this configuration to manipulate request flows and disrupt service. This bypass occurs through improper handling of retry parameters during PoolManager instantiation. This issue can reult in a denial of service or unintended data exposure due to altered request destinations.", "issued": "2025-06-19T01:08:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-50181 https://bugzilla.redhat.com/show_bug.cgi?id=2373799 https://www.cve.org/CVERecord?id=CVE-2025-50181 https://nvd.nist.gov/vuln/detail/CVE-2025-50181 https://github.com/urllib3/urllib3/commit/f05b1329126d5be6de501f9d1e3e36738bc08857 https://github.com/urllib3/urllib3/security/advisories/GHSA-pq67-6m6q-mj2v https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-50181.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python-pip", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "QUtTYJuHdkAOgtveagWUfA==": { "id": "QUtTYJuHdkAOgtveagWUfA==", "updater": "rhel-vex", "name": "CVE-2023-0466", "description": "A flaw was found in OpenSSL. The X509_VERIFY_PARAM_add0_policy() function is documented to enable the certificate policy check when doing certificate verification implicitly. However, implementing the function does not enable the check, allowing certificates with invalid or incorrect policies to pass the certificate verification. Suddenly enabling the policy check could break existing deployments, so it was decided to keep the existing behavior of the X509_VERIFY_PARAM_add0_policy() function. The applications that require OpenSSL to perform certificate policy check need to use X509_VERIFY_PARAM_set1_policies() or explicitly enable the policy check by calling X509_VERIFY_PARAM_set_flags() with the X509_V_FLAG_POLICY_CHECK flag argument. Certificate policy checks are disabled by default in OpenSSL and are not commonly used by applications.", "issued": "2023-03-28T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-0466 https://bugzilla.redhat.com/show_bug.cgi?id=2182565 https://www.cve.org/CVERecord?id=CVE-2023-0466 https://nvd.nist.gov/vuln/detail/CVE-2023-0466 https://www.openssl.org/news/secadv/20230328.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0466.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "QcOTYeOedG0AUhPSakMpIA==": { "id": "QcOTYeOedG0AUhPSakMpIA==", "updater": "rhel-vex", "name": "CVE-2024-4741", "description": "A use-after-free vulnerability was found in OpenSSL. Calling the OpenSSL API SSL_free_buffers function may cause memory to be accessed that was previously freed in some situations.", "issued": "2024-05-28T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-4741 https://bugzilla.redhat.com/show_bug.cgi?id=2283757 https://www.cve.org/CVERecord?id=CVE-2024-4741 https://nvd.nist.gov/vuln/detail/CVE-2024-4741 https://www.openssl.org/news/secadv/20240528.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4741.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "QwBnC+2unbl7BaURui6Tng==": { "id": "QwBnC+2unbl7BaURui6Tng==", "updater": "rhel-vex", "name": "CVE-2026-3832", "description": "A flaw was found in gnutls. A remote attacker could exploit this vulnerability by presenting a specially crafted Online Certificate Status Protocol (OCSP) response during a TLS handshake. Due to a logic error in how gnutls processes multi-record OCSP responses, a client with OCSP verification enabled may incorrectly accept a revoked server certificate, potentially leading to a compromise of trust.", "issued": "2026-04-30T17:29:25Z", "links": "https://access.redhat.com/security/cve/CVE-2026-3832 https://bugzilla.redhat.com/show_bug.cgi?id=2445762 https://www.cve.org/CVERecord?id=CVE-2026-3832 https://nvd.nist.gov/vuln/detail/CVE-2026-3832 https://gitlab.com/gnutls/gnutls/-/issues/1801 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-3832.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "gnutls", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "RVCidRUm4D1IKoPhoUi2AA==": { "id": "RVCidRUm4D1IKoPhoUi2AA==", "updater": "rhel-vex", "name": "CVE-2019-9674", "description": "A ZIP bomb attack was found in the Python zipfile module. A remote attacker could abuse this flaw by providing a specially crafted ZIP file that, when decompressed by zipfile, would exhaust system resources resulting in a denial of service.", "issued": "2019-03-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2019-9674 https://bugzilla.redhat.com/show_bug.cgi?id=1800749 https://www.cve.org/CVERecord?id=CVE-2019-9674 https://nvd.nist.gov/vuln/detail/CVE-2019-9674 https://security.access.redhat.com/data/csaf/v2/vex/2019/cve-2019-9674.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "python3", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "RXjd5U95osIGXnqCa34Jkg==": { "id": "RXjd5U95osIGXnqCa34Jkg==", "updater": "rhel-vex", "name": "CVE-2026-0989", "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested \u003cinclude\u003e directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", "issued": "2026-01-15T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-0989 https://bugzilla.redhat.com/show_bug.cgi?id=2429933 https://www.cve.org/CVERecord?id=CVE-2026-0989 https://nvd.nist.gov/vuln/detail/CVE-2026-0989 https://gitlab.gnome.org/GNOME/libxml2/-/issues/998 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-0989.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libxml2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "RYqFgDYIttLgJc8B82sK/w==": { "id": "RYqFgDYIttLgJc8B82sK/w==", "updater": "rhel-vex", "name": "CVE-2025-66382", "description": "A flaw was found in libexpat. This vulnerability allows a denial of service (DoS) by processing a crafted file with an approximate size of 2 MiB, leading to dozens of seconds of processing time.", "issued": "2025-11-28T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-66382 https://bugzilla.redhat.com/show_bug.cgi?id=2417661 https://www.cve.org/CVERecord?id=CVE-2025-66382 https://nvd.nist.gov/vuln/detail/CVE-2025-66382 https://github.com/libexpat/libexpat/issues/1076 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-66382.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "expat", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "RdjNn4dAdZKcn6VS95a/SQ==": { "id": "RdjNn4dAdZKcn6VS95a/SQ==", "updater": "rhel-vex", "name": "CVE-2026-39314", "description": "A flaw was found in CUPS, an open-source printing system. An unprivileged local user can exploit an integer underflow vulnerability by providing a negative job-password-supported Internet Printing Protocol (IPP) attribute. This manipulation causes the cupsd root process to crash, which can be repeatedly triggered to achieve a sustained Denial of Service (DoS) on the system.", "issued": "2026-04-07T16:59:23Z", "links": "https://access.redhat.com/security/cve/CVE-2026-39314 https://bugzilla.redhat.com/show_bug.cgi?id=2456107 https://www.cve.org/CVERecord?id=CVE-2026-39314 https://nvd.nist.gov/vuln/detail/CVE-2026-39314 https://github.com/OpenPrinting/cups/security/advisories/GHSA-pp8w-2g52-7vj7 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-39314.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "cups", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "Rfm1tD+QxSP/TVjKFDNabg==": { "id": "Rfm1tD+QxSP/TVjKFDNabg==", "updater": "rhel-vex", "name": "CVE-2026-0967", "description": "A flaw was found in libssh. A remote attacker, by controlling client configuration files or known_hosts files, could craft specific hostnames that when processed by the `match_pattern()` function can lead to inefficient regular expression backtracking. This can cause timeouts and resource exhaustion, resulting in a Denial of Service (DoS) for the client.", "issued": "2026-02-10T18:47:09Z", "links": "https://access.redhat.com/security/cve/CVE-2026-0967 https://bugzilla.redhat.com/show_bug.cgi?id=2436981 https://www.cve.org/CVERecord?id=CVE-2026-0967 https://nvd.nist.gov/vuln/detail/CVE-2026-0967 https://www.libssh.org/2026/02/10/libssh-0-12-0-and-0-11-4-security-releases/ https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-0967.json", "severity": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libssh", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "Rw8DyDlyRHRJOeZaAbGMRA==": { "id": "Rw8DyDlyRHRJOeZaAbGMRA==", "updater": "rhel-vex", "name": "CVE-2025-59529", "description": "A flaw was found in avahi. The simple protocol server ignores the documented client limit and accepts unlimited connections, allowing for easy local Denial of Service.", "issued": "2025-12-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-59529 https://bugzilla.redhat.com/show_bug.cgi?id=2405338 https://www.cve.org/CVERecord?id=CVE-2025-59529 https://nvd.nist.gov/vuln/detail/CVE-2025-59529 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-59529.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "avahi", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "S7qx7a03HASsJhyQafvXjg==": { "id": "S7qx7a03HASsJhyQafvXjg==", "updater": "rhel-vex", "name": "CVE-2018-19211", "description": "In ncurses 6.1, there is a NULL pointer dereference at function _nc_parse_entry in parse_entry.c that will lead to a denial of service attack. The product proceeds to the dereference code path even after a \"dubious character `*' in name or alias field\" detection.", "issued": "2018-10-28T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2018-19211 https://bugzilla.redhat.com/show_bug.cgi?id=1652600 https://www.cve.org/CVERecord?id=CVE-2018-19211 https://nvd.nist.gov/vuln/detail/CVE-2018-19211 https://security.access.redhat.com/data/csaf/v2/vex/2018/cve-2018-19211.json", "severity": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "ncurses", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "SHxE0qXbBmDEp/LL1ieJeA==": { "id": "SHxE0qXbBmDEp/LL1ieJeA==", "updater": "rhel-vex", "name": "CVE-2020-19189", "description": "A flaw has been identified in the ncurses library. This issue occurs when processing a crafted terminfo database, causing a heap-based buffer overflow, resulting in an application crash.", "issued": "2019-05-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2020-19189 https://bugzilla.redhat.com/show_bug.cgi?id=2234926 https://www.cve.org/CVERecord?id=CVE-2020-19189 https://nvd.nist.gov/vuln/detail/CVE-2020-19189 https://security.access.redhat.com/data/csaf/v2/vex/2020/cve-2020-19189.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "ncurses", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "TLOrmSYL76Du+GI4WD9gMQ==": { "id": "TLOrmSYL76Du+GI4WD9gMQ==", "updater": "rhel-vex", "name": "CVE-2024-34459", "description": "A flaw was found in the xmllint program distributed by the libxml2 package. A buffer over-read in the xmlHTMLPrintFileContext function in the xmllint.c file may be triggered when a crafted file is processed with the xmllint program using the `--htmlout` command line option, causing an application crash and resulting in a denial of service.", "issued": "2024-05-08T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-34459 https://bugzilla.redhat.com/show_bug.cgi?id=2280532 https://www.cve.org/CVERecord?id=CVE-2024-34459 https://nvd.nist.gov/vuln/detail/CVE-2024-34459 https://gitlab.gnome.org/GNOME/libxml2/-/issues/720 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-34459.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "libxml2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "Te9j1HGn7feNCE/Fduu0+A==": { "id": "Te9j1HGn7feNCE/Fduu0+A==", "updater": "rhel-vex", "name": "CVE-2025-64505", "description": "A heap buffer over-read vulnerability exists in libpng's png_do_quantize function when processing PNG files with malformed palette indices. The vulnerability occurs when palette_lookup array bounds are not validated against externally-supplied image data, allowing an attacker to craft a PNG file with out-of-range palette indices that trigger out-of-bounds memory access.", "issued": "2025-11-24T23:38:40Z", "links": "https://access.redhat.com/security/cve/CVE-2025-64505 https://bugzilla.redhat.com/show_bug.cgi?id=2416905 https://www.cve.org/CVERecord?id=CVE-2025-64505 https://nvd.nist.gov/vuln/detail/CVE-2025-64505 https://github.com/pnggroup/libpng/commit/6a528eb5fd0dd7f6de1c39d30de0e41473431c37 https://github.com/pnggroup/libpng/pull/748 https://github.com/pnggroup/libpng/security/advisories/GHSA-4952-h5wq-4m42 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-64505.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "java-17-openjdk", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "TuBnhFrkwMqIcYtYYgNGNQ==": { "id": "TuBnhFrkwMqIcYtYYgNGNQ==", "updater": "rhel-vex", "name": "CVE-2026-3784", "description": "A flaw was found in curl. This vulnerability allows curl to wrongly reuse an existing HTTP proxy connection when performing a CONNECT request to a server, even if the new request uses different authentication credentials for the HTTP proxy. This improper connection reuse could lead to an attacker gaining unauthorized access to resources or information intended for a different user.", "issued": "2026-03-11T10:09:21Z", "links": "https://access.redhat.com/security/cve/CVE-2026-3784 https://bugzilla.redhat.com/show_bug.cgi?id=2446449 https://www.cve.org/CVERecord?id=CVE-2026-3784 https://nvd.nist.gov/vuln/detail/CVE-2026-3784 http://www.openwall.com/lists/oss-security/2026/03/11/3 https://curl.se/docs/CVE-2026-3784.html https://curl.se/docs/CVE-2026-3784.json https://hackerone.com/reports/3584903 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-3784.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "curl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "UMD4nV1Ky5C5eKUMgtnKzw==": { "id": "UMD4nV1Ky5C5eKUMgtnKzw==", "updater": "rhel-vex", "name": "CVE-2021-20193", "description": "A flaw was found in the src/list.c of tar. This flaw allows an attacker who can submit a crafted input file to tar to cause uncontrolled consumption of memory. The highest threat from this vulnerability is to system availability.", "issued": "2021-01-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-20193 https://bugzilla.redhat.com/show_bug.cgi?id=1917565 https://www.cve.org/CVERecord?id=CVE-2021-20193 https://nvd.nist.gov/vuln/detail/CVE-2021-20193 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-20193.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "tar", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "UPzTyNn8ZLXlb+bwRFPPTA==": { "id": "UPzTyNn8ZLXlb+bwRFPPTA==", "updater": "rhel-vex", "name": "CVE-2023-2650", "description": "A flaw was found in OpenSSL resulting in a possible denial of service while translating ASN.1 object identifiers. Applications that use OBJ_obj2txt() directly, or use any of the OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with no message size limit may experience long delays when processing messages, which may lead to a denial of service.", "issued": "2023-05-30T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-2650 https://bugzilla.redhat.com/show_bug.cgi?id=2207947 https://www.cve.org/CVERecord?id=CVE-2023-2650 https://nvd.nist.gov/vuln/detail/CVE-2023-2650 https://www.openssl.org/news/secadv/20230530.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-2650.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "UUIKm7f4jyfDWGKvptUQ8Q==": { "id": "UUIKm7f4jyfDWGKvptUQ8Q==", "updater": "rhel-vex", "name": "CVE-2025-8277", "description": "A flaw was found in libssh's handling of key exchange (KEX) processes when a client repeatedly sends incorrect KEX guesses. The library fails to free memory during these rekey operations, which can gradually exhaust system memory. This issue can lead to crashes on the client side, particularly when using libgcrypt, which impacts application stability and availability.", "issued": "2025-09-09T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-8277 https://bugzilla.redhat.com/show_bug.cgi?id=2383888 https://www.cve.org/CVERecord?id=CVE-2025-8277 https://nvd.nist.gov/vuln/detail/CVE-2025-8277 https://www.libssh.org/security/advisories/CVE-2025-8277.txt https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-8277.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libssh", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "UbmdE2pHXRFccv8l1e02Jw==": { "id": "UbmdE2pHXRFccv8l1e02Jw==", "updater": "rhel-vex", "name": "CVE-2023-4156", "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", "issued": "2023-06-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4156 https://bugzilla.redhat.com/show_bug.cgi?id=2215930 https://www.cve.org/CVERecord?id=CVE-2023-4156 https://nvd.nist.gov/vuln/detail/CVE-2023-4156 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4156.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "gawk", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "UoEFDYM+Gqf2mdRJh5HUFw==": { "id": "UoEFDYM+Gqf2mdRJh5HUFw==", "updater": "rhel-vex", "name": "CVE-2025-45582", "description": "A relative path traversal flaw was found in the gnu tar utility. When archives with relative paths are extracted without the ‘--keep-old-files’ (‘-k’), the extraction process may overwrite existing files that the current user has access to. The server may be impacted if these files are critical to the operation of some service.", "issued": "2025-07-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-45582 https://bugzilla.redhat.com/show_bug.cgi?id=2379592 https://www.cve.org/CVERecord?id=CVE-2025-45582 https://nvd.nist.gov/vuln/detail/CVE-2025-45582 https://github.com/i900008/vulndb/blob/main/Gnu_tar_vuln.md https://www.gnu.org/software/tar/ https://www.gnu.org/software/tar/manual/html_node/Integrity.html#Integrity https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-45582.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "tar", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "UyCjBcpeB0nhkRTVhUcAJQ==": { "id": "UyCjBcpeB0nhkRTVhUcAJQ==", "updater": "rhel-vex", "name": "CVE-2026-39316", "description": "A flaw was found in CUPS, an open-source printing system. This vulnerability, known as a use-after-free, occurs in the CUPS scheduler when temporary printers are automatically removed. The system fails to properly manage memory, leaving a pointer to a freed memory location. An attacker could exploit this to cause the CUPS daemon to crash, leading to a denial of service. In more severe scenarios, this could potentially allow an attacker to execute arbitrary code.", "issued": "2026-04-07T17:00:26Z", "links": "https://access.redhat.com/security/cve/CVE-2026-39316 https://bugzilla.redhat.com/show_bug.cgi?id=2456120 https://www.cve.org/CVERecord?id=CVE-2026-39316 https://nvd.nist.gov/vuln/detail/CVE-2026-39316 https://github.com/OpenPrinting/cups/security/advisories/GHSA-pjv5-prqp-46rg https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-39316.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "cups", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "VLzwKVDYC7fQrtcpCzjXjA==": { "id": "VLzwKVDYC7fQrtcpCzjXjA==", "updater": "rhel-vex", "name": "CVE-2025-69418", "description": "A flaw was found in OpenSSL. When applications directly call the low-level CRYPTO_ocb128_encrypt() or CRYPTO_ocb128_decrypt() functions with non-block-aligned lengths in a single call on hardware-accelerated builds, the trailing 1-15 bytes of a message may be exposed in cleartext. These exposed bytes are not covered by the authentication tag, allowing an attacker to read or tamper with them without detection.", "issued": "2026-01-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-69418 https://bugzilla.redhat.com/show_bug.cgi?id=2430381 https://www.cve.org/CVERecord?id=CVE-2025-69418 https://nvd.nist.gov/vuln/detail/CVE-2025-69418 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-69418.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "VP8+3bQwNwMNm6AhYTNJBQ==": { "id": "VP8+3bQwNwMNm6AhYTNJBQ==", "updater": "rhel-vex", "name": "CVE-2026-22020", "description": "No description is available for this CVE.", "issued": "2026-04-21T20:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-22020 https://bugzilla.redhat.com/show_bug.cgi?id=2460045 https://www.cve.org/CVERecord?id=CVE-2026-22020 https://nvd.nist.gov/vuln/detail/CVE-2026-22020 https://www.oracle.com/security-alerts/cpuapr2026.html#AppendixJAVA https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-22020.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "java-17-openjdk", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "VPoF+qCqaQ4y2sVl2255/g==": { "id": "VPoF+qCqaQ4y2sVl2255/g==", "updater": "rhel-vex", "name": "CVE-2026-33416", "description": "A flaw was found in libpng, a library used for processing PNG (Portable Network Graphics) image files. This vulnerability arises from improper memory management where a heap-allocated buffer is aliased between internal data structures. When specific functions are called, a freed memory region can still be referenced, leading to a use-after-free condition. An attacker could potentially exploit this to achieve arbitrary code execution or cause a denial of service.", "issued": "2026-03-26T16:48:54Z", "links": "https://access.redhat.com/security/cve/CVE-2026-33416 https://bugzilla.redhat.com/show_bug.cgi?id=2451805 https://www.cve.org/CVERecord?id=CVE-2026-33416 https://nvd.nist.gov/vuln/detail/CVE-2026-33416 https://github.com/pnggroup/libpng/commit/23019269764e35ed8458e517f1897bd3c54820eb https://github.com/pnggroup/libpng/commit/7ea9eea884a2328cc7fdcb3c0c00246a50d90667 https://github.com/pnggroup/libpng/commit/a3a21443ed12bfa1ef46fa0d4fb2b74a0fa34a25 https://github.com/pnggroup/libpng/commit/c1b0318b393c90679e6fa5bc1d329fd5d5012ec1 https://github.com/pnggroup/libpng/pull/824 https://github.com/pnggroup/libpng/security/advisories/GHSA-m4pc-p4q3-4c7j https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-33416.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "java-17-openjdk", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "VsocCwaFpF6PzdX5PxR+sQ==": { "id": "VsocCwaFpF6PzdX5PxR+sQ==", "updater": "rhel-vex", "name": "CVE-2020-19185", "description": "A flaw has been identified in the ncurses library. This issue occurs when processing a crafted terminfo database, causing a heap-based buffer overflow, resulting in an application crash, causing denial of service.", "issued": "2019-05-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2020-19185 https://bugzilla.redhat.com/show_bug.cgi?id=2234924 https://www.cve.org/CVERecord?id=CVE-2020-19185 https://nvd.nist.gov/vuln/detail/CVE-2020-19185 https://security.access.redhat.com/data/csaf/v2/vex/2020/cve-2020-19185.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "ncurses", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "W/DMqBRMDYVkVH3D67luGg==": { "id": "W/DMqBRMDYVkVH3D67luGg==", "updater": "rhel-vex", "name": "CVE-2025-64118", "description": "A flaw was found in node-tar, a Tar utility for Node.js. This vulnerability allows a local attacker to potentially disclose sensitive information. When the .t (or .list) function is used with { sync: true } to read tar entry contents, and the tar file is concurrently modified on disk to a smaller size, the function may return uninitialized memory contents. This could lead to the exposure of arbitrary data.", "issued": "2025-10-30T17:50:20Z", "links": "https://access.redhat.com/security/cve/CVE-2025-64118 https://bugzilla.redhat.com/show_bug.cgi?id=2407440 https://www.cve.org/CVERecord?id=CVE-2025-64118 https://nvd.nist.gov/vuln/detail/CVE-2025-64118 https://github.com/isaacs/node-tar/commit/5330eb04bc43014f216e5c271b40d5c00d45224d https://github.com/isaacs/node-tar/issues/445 https://github.com/isaacs/node-tar/pull/446 https://github.com/isaacs/node-tar/security/advisories/GHSA-29xp-372q-xqph https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-64118.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "tar", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "W/d4trZ7jb2yxjrq4cNOWA==": { "id": "W/d4trZ7jb2yxjrq4cNOWA==", "updater": "rhel-vex", "name": "CVE-2022-3219", "description": "A vulnerability was found in GnuPG. GnuPG can spin on a relatively small input by crafting a public key with thousands of signatures attached and compressed down to a few kilobytes. This issue can potentially cause a denial of service.", "issued": "2022-09-15T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-3219 https://bugzilla.redhat.com/show_bug.cgi?id=2127010 https://www.cve.org/CVERecord?id=CVE-2022-3219 https://nvd.nist.gov/vuln/detail/CVE-2022-3219 https://dev.gnupg.org/D556 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-3219.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "gnupg2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "WGvgNwrW2u5APZcidQ6v1Q==": { "id": "WGvgNwrW2u5APZcidQ6v1Q==", "updater": "rhel-vex", "name": "CVE-2026-27456", "description": "A flaw was found in util-linux. When an /etc/fstab entry is configured with the user,loop options, the `mount` program checks the file path with user permissions but later opens it with root privileges. This creates a brief Time-of-Check-Time-of-Use (TOCTOU) window where an attacker can substitute the intended file with a malicious symbolic link. This allows a local unprivileged user to mount any root-owned file or block device that contains a valid filesystem, gaining full read access to its contents.", "issued": "2026-04-03T21:23:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-27456 https://bugzilla.redhat.com/show_bug.cgi?id=2454956 https://www.cve.org/CVERecord?id=CVE-2026-27456 https://nvd.nist.gov/vuln/detail/CVE-2026-27456 https://github.com/util-linux/util-linux/commit/5e390467b26a3cf3fecc04e1a0d482dff3162fc4 https://github.com/util-linux/util-linux/releases/tag/v2.41.4 https://github.com/util-linux/util-linux/security/advisories/GHSA-qq4x-vfq4-9h9g https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-27456.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "util-linux", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "WcChSpNAL6V9Xfxc9AqW7g==": { "id": "WcChSpNAL6V9Xfxc9AqW7g==", "updater": "rhel-vex", "name": "CVE-2025-15469", "description": "A flaw was found in openssl. When a user signs or verifies files larger than 16MB using the `openssl dgst` command with one-shot algorithms, the tool silently truncates the input to 16MB. This creates an integrity gap, allowing trailing data beyond the initial 16MB to be modified without detection because it remains unauthenticated. This vulnerability primarily impacts workflows that both sign and verify files using the affected `openssl dgst` command.", "issued": "2026-01-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-15469 https://bugzilla.redhat.com/show_bug.cgi?id=2430378 https://www.cve.org/CVERecord?id=CVE-2025-15469 https://nvd.nist.gov/vuln/detail/CVE-2025-15469 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-15469.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "Wp4+QBQm4nhI8rQxVklEXw==": { "id": "Wp4+QBQm4nhI8rQxVklEXw==", "updater": "rhel-vex", "name": "CVE-2025-4878", "description": "A vulnerability was found in libssh, where an uninitialized variable exists under certain conditions in the privatekey_from_file() function. This flaw can be triggered if the file specified by the filename doesn't exist and may lead to possible signing failures or heap corruption.", "issued": "2025-06-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-4878 https://bugzilla.redhat.com/show_bug.cgi?id=2376184 https://www.cve.org/CVERecord?id=CVE-2025-4878 https://nvd.nist.gov/vuln/detail/CVE-2025-4878 https://git.libssh.org/projects/libssh.git/commit/?id=697650caa97eaf7623924c75f9fcfec6dd423cd1 https://git.libssh.org/projects/libssh.git/commit/?id=b35ee876adc92a208d47194772e99f9c71e0bedb https://www.libssh.org/security/advisories/CVE-2025-4878.txt https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-4878.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "libssh", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "XBiy/XVR6SoThCkYUmkD1g==": { "id": "XBiy/XVR6SoThCkYUmkD1g==", "updater": "rhel-vex", "name": "CVE-2026-33056", "description": "A flaw was found in tar-rs, a Rust library for reading and writing tar archives. When unpacking a crafted tar archive, an attacker can exploit a symbolic link vulnerability. By including a symlink followed by a directory with the same name, the library incorrectly applies file permissions to the symlink's target. This allows an attacker to modify the permissions of arbitrary directories outside the intended extraction location.", "issued": "2026-03-20T07:11:10Z", "links": "https://access.redhat.com/security/cve/CVE-2026-33056 https://bugzilla.redhat.com/show_bug.cgi?id=2449490 https://www.cve.org/CVERecord?id=CVE-2026-33056 https://nvd.nist.gov/vuln/detail/CVE-2026-33056 https://github.com/alexcrichton/tar-rs/commit/17b1fd84e632071cb8eef9d3709bf347bd266446 https://github.com/alexcrichton/tar-rs/security/advisories/GHSA-j4xf-2g29-59ph https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-33056.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "tar", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "XXiaw1EwhFkuilI94EKiqQ==": { "id": "XXiaw1EwhFkuilI94EKiqQ==", "updater": "rhel-vex", "name": "CVE-2026-5713", "description": "A flaw was found in Python. A malicious Python process could exploit the \"profiling.sampling\" module and \"asyncio introspection capabilities\" to read and write memory addresses within a privileged process. This vulnerability occurs when the privileged process connects to the malicious process via its remote debugging feature, potentially leading to information disclosure and arbitrary code execution. Successful exploitation requires repeated connections, which may cause instability in the connecting process.", "issued": "2026-04-14T15:11:51Z", "links": "https://access.redhat.com/security/cve/CVE-2026-5713 https://bugzilla.redhat.com/show_bug.cgi?id=2458239 https://www.cve.org/CVERecord?id=CVE-2026-5713 https://nvd.nist.gov/vuln/detail/CVE-2026-5713 https://github.com/python/cpython/issues/148178 https://github.com/python/cpython/pull/148187 https://mail.python.org/archives/list/security-announce@python.org/thread/OG4RHARYSNIE22GGOMVMCRH76L5HKPLM/ https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-5713.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python3", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "XbpXfbeApuDuIKvY0/qWiA==": { "id": "XbpXfbeApuDuIKvY0/qWiA==", "updater": "rhel-vex", "name": "CVE-2026-3731", "description": "A flaw was found in libssh. A remote attacker could trigger an out-of-bounds read vulnerability in the SFTP Extension Name Handler by manipulating the `idx` argument in the `sftp_extensions_get_name` or `sftp_extensions_get_data` functions. This could lead to a Denial of Service (DoS), making the affected system unresponsive.", "issued": "2026-03-08T10:32:19Z", "links": "https://access.redhat.com/security/cve/CVE-2026-3731 https://bugzilla.redhat.com/show_bug.cgi?id=2445579 https://www.cve.org/CVERecord?id=CVE-2026-3731 https://nvd.nist.gov/vuln/detail/CVE-2026-3731 https://gitlab.com/libssh/libssh-mirror/-/commit/855a0853ad3abd4a6cd85ce06fce6d8d4c7a0b60 https://vuldb.com/?ctiid.349709 https://vuldb.com/?id.349709 https://vuldb.com/?submit.767120 https://www.libssh.org/files/0.12/libssh-0.12.0.tar.xz https://www.libssh.org/security/advisories/libssh-2026-sftp-extensions.txt https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-3731.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "libssh", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "XygysGe2kdlyCRQHM1fu3w==": { "id": "XygysGe2kdlyCRQHM1fu3w==", "updater": "rhel-vex", "name": "CVE-2025-5917", "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", "issued": "2025-05-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-5917 https://bugzilla.redhat.com/show_bug.cgi?id=2370874 https://www.cve.org/CVERecord?id=CVE-2025-5917 https://nvd.nist.gov/vuln/detail/CVE-2025-5917 https://github.com/libarchive/libarchive/pull/2588 https://github.com/libarchive/libarchive/releases/tag/v3.8.0 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-5917.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libarchive", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "YiJlkUTKf0/7+ORZMmQ2cw==": { "id": "YiJlkUTKf0/7+ORZMmQ2cw==", "updater": "rhel-vex", "name": "CVE-2025-25724", "description": "A flaw was found in the libarchive package. Affected versions of libarchive do not check a strftime return value, which can lead to a denial of service or unspecified other impacts via a crafted TAR archive that is read with a verbose value of 2. For example, the 100-byte buffer may not be sufficient for a custom locale.", "issued": "2025-03-02T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-25724 https://bugzilla.redhat.com/show_bug.cgi?id=2349221 https://www.cve.org/CVERecord?id=CVE-2025-25724 https://nvd.nist.gov/vuln/detail/CVE-2025-25724 https://gist.github.com/Ekkosun/a83870ce7f3b7813b9b462a395e8ad92 https://github.com/Ekkosun/pocs/blob/main/bsdtarbug https://github.com/libarchive/libarchive/blob/b439d586f53911c84be5e380445a8a259e19114c/tar/util.c#L751-L752 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-25724.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "libarchive", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "YoCxZvEp16Bt9LDv+Ficeg==": { "id": "YoCxZvEp16Bt9LDv+Ficeg==", "updater": "rhel-vex", "name": "CVE-2025-64506", "description": "A buffer over read flaw has been discovered in libpng. A heap buffer over-read vulnerability exists in libpng's png_write_image_8bit function when processing 8-bit images through the simplified write API with convert_to_8bit enabled. The vulnerability affects 8-bit grayscale+alpha, RGB/RGBA, and images with incomplete row data. A conditional guard incorrectly allows 8-bit input to enter code expecting 16-bit input, causing reads up to 2 bytes beyond allocated buffer boundaries.", "issued": "2025-11-24T23:41:09Z", "links": "https://access.redhat.com/security/cve/CVE-2025-64506 https://bugzilla.redhat.com/show_bug.cgi?id=2416906 https://www.cve.org/CVERecord?id=CVE-2025-64506 https://nvd.nist.gov/vuln/detail/CVE-2025-64506 https://github.com/pnggroup/libpng/commit/2bd84c019c300b78e811743fbcddb67c9d9bf821 https://github.com/pnggroup/libpng/pull/749 https://github.com/pnggroup/libpng/security/advisories/GHSA-qpr4-xm66-hww6 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-64506.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "java-17-openjdk", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "ZTGiJlkqcqrCLJSY/Sq8lA==": { "id": "ZTGiJlkqcqrCLJSY/Sq8lA==", "updater": "rhel-vex", "name": "CVE-2020-19186", "description": "A flaw has been identified in the ncurses library. This issue occurs when processing a crafted terminfo database, causing a buffer over-read, resulting in an application crash.", "issued": "2019-05-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2020-19186 https://bugzilla.redhat.com/show_bug.cgi?id=2234908 https://www.cve.org/CVERecord?id=CVE-2020-19186 https://nvd.nist.gov/vuln/detail/CVE-2020-19186 https://security.access.redhat.com/data/csaf/v2/vex/2020/cve-2020-19186.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "ncurses", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "ZdcpNqfrXAb14fwUEQLWGQ==": { "id": "ZdcpNqfrXAb14fwUEQLWGQ==", "updater": "rhel-vex", "name": "CVE-2026-41254", "description": "A flaw was found in Little CMS. An integer overflow in the `CubeSize` function within `cmslut.c` occurs because the overflow check is performed after the multiplication. An attacker could exploit this vulnerability by providing a specially crafted input, potentially leading to information disclosure or a denial of service (DoS), which makes the system unavailable to legitimate users.", "issued": "2026-04-18T06:43:13Z", "links": "https://access.redhat.com/security/cve/CVE-2026-41254 https://bugzilla.redhat.com/show_bug.cgi?id=2459420 https://www.cve.org/CVERecord?id=CVE-2026-41254 https://nvd.nist.gov/vuln/detail/CVE-2026-41254 https://abhinavagarwal07.github.io/posts/lcms2-cubesize-overflow/ https://github.com/mm2/Little-CMS/commit/da6110b1d14abc394633a388209abd5ebedd7ab0 https://github.com/mm2/Little-CMS/commit/e0641b1828d0a1af5ecb1b11fe22f24fceefd4bc https://github.com/mm2/Little-CMS/security/advisories/GHSA-4xp6-rcgg-m9qq https://www.openwall.com/lists/oss-security/2026/04/17/16 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-41254.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "java-17-openjdk", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "ZkEez7f24VNVhTaTCDhuEg==": { "id": "ZkEez7f24VNVhTaTCDhuEg==", "updater": "rhel-vex", "name": "CVE-2025-15468", "description": "A flaw was found in openssl. A remote attacker could trigger a NULL pointer dereference by sending an unknown or unsupported cipher ID during the client hello callback in applications using the QUIC (Quick UDP Internet Connections) protocol. This vulnerability, occurring when the SSL_CIPHER_find() function is called in this specific context, leads to an abnormal termination of the running process, causing a Denial of Service (DoS).", "issued": "2026-01-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-15468 https://bugzilla.redhat.com/show_bug.cgi?id=2430377 https://www.cve.org/CVERecord?id=CVE-2025-15468 https://nvd.nist.gov/vuln/detail/CVE-2025-15468 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-15468.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "ZlxfTVb/4bi6yWQ+JLaOnw==": { "id": "ZlxfTVb/4bi6yWQ+JLaOnw==", "updater": "rhel-vex", "name": "CVE-2026-2297", "description": "A flaw was found in CPython. This vulnerability allows a local user with low privileges to bypass security auditing mechanisms. The issue occurs because the SourcelessFileLoader component, responsible for handling older Python compiled files (.pyc), does not properly trigger system audit events. This oversight could enable malicious activities to go undetected, compromising the integrity of the system.", "issued": "2026-03-04T22:10:43Z", "links": "https://access.redhat.com/security/cve/CVE-2026-2297 https://bugzilla.redhat.com/show_bug.cgi?id=2444691 https://www.cve.org/CVERecord?id=CVE-2026-2297 https://nvd.nist.gov/vuln/detail/CVE-2026-2297 https://github.com/python/cpython/commit/482d6f8bdba9da3725d272e8bb4a2d25fb6a603e https://github.com/python/cpython/commit/a51b1b512de1d56b3714b65628a2eae2b07e535e https://github.com/python/cpython/commit/e58e9802b9bec5cdbf48fc9bf1da5f4fda482e86 https://github.com/python/cpython/issues/145506 https://github.com/python/cpython/pull/145507 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-2297.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "python3", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "Znm2hdK/FULQhTTGTVX59Q==": { "id": "Znm2hdK/FULQhTTGTVX59Q==", "updater": "rhel-vex", "name": "CVE-2026-3783", "description": "A flaw was found in curl. When an OAuth2 bearer token is used for an HTTP(S) transfer that redirects to a second URL, curl could unintentionally leak the token. This occurs if the second hostname has entries in the `.netrc` file, allowing the bearer token intended for the first host to be sent to the redirected host. This information disclosure could allow an attacker to gain unauthorized access.", "issued": "2026-03-11T10:09:08Z", "links": "https://access.redhat.com/security/cve/CVE-2026-3783 https://bugzilla.redhat.com/show_bug.cgi?id=2446450 https://www.cve.org/CVERecord?id=CVE-2026-3783 https://nvd.nist.gov/vuln/detail/CVE-2026-3783 http://www.openwall.com/lists/oss-security/2026/03/11/2 https://curl.se/docs/CVE-2026-3783.html https://curl.se/docs/CVE-2026-3783.json https://hackerone.com/reports/3583983 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-3783.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "curl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "Zp5q2R9PHTn/pmrn158k9A==": { "id": "Zp5q2R9PHTn/pmrn158k9A==", "updater": "rhel-vex", "name": "CVE-2026-41989", "description": "A flaw was found in Libgcrypt. A remote attacker could exploit this vulnerability by sending crafted Elliptic Curve Diffie-Hellman (ECDH) ciphertext to the `gcry_pk_decrypt` function. This can lead to a heap-based buffer overflow, potentially causing a denial of service (DoS) condition.", "issued": "2026-04-23T04:30:26Z", "links": "https://access.redhat.com/security/cve/CVE-2026-41989 https://bugzilla.redhat.com/show_bug.cgi?id=2461063 https://www.cve.org/CVERecord?id=CVE-2026-41989 https://nvd.nist.gov/vuln/detail/CVE-2026-41989 https://dev.gnupg.org/T8211 https://lists.gnupg.org/pipermail/gnupg-announce/2026q2/000503.html https://www.openwall.com/lists/oss-security/2026/04/21/1 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-41989.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libgcrypt", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "Zp9+pixFuNBueE2yO610gQ==": { "id": "Zp9+pixFuNBueE2yO610gQ==", "updater": "rhel-vex", "name": "CVE-2024-56433", "description": "A flaw was found in shadow-utils. Affected versions of shadow-utils establish a default /etc/subuid behavior, for example, uid 100000 through 165535 for the first user account, that can conflict with the uids of users defined on locally administered networks. This issue potentially leads to account takeover by leveraging newuidmap for access to an NFS home directory or same-host resources for remote logins by these local network users.", "issued": "2024-12-26T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-56433 https://bugzilla.redhat.com/show_bug.cgi?id=2334165 https://www.cve.org/CVERecord?id=CVE-2024-56433 https://nvd.nist.gov/vuln/detail/CVE-2024-56433 https://github.com/shadow-maint/shadow/blob/e2512d5741d4a44bdd81a8c2d0029b6222728cf0/etc/login.defs#L238-L241 https://github.com/shadow-maint/shadow/issues/1157 https://github.com/shadow-maint/shadow/releases/tag/4.4 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-56433.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "shadow-utils", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "ZvX4VR3jvMBd1Wq+RxNTgg==": { "id": "ZvX4VR3jvMBd1Wq+RxNTgg==", "updater": "rhel-vex", "name": "CVE-2020-35512", "description": "A use-after-free flaw was found in D-Bus when a system has multiple usernames sharing the same UID. When a set of policy rules references these usernames, D-Bus may free some memory in the heap, which is still used by data structures necessary for the other usernames sharing the UID, possibly leading to a crash or other undefined behaviors.", "issued": "2020-06-30T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2020-35512 https://bugzilla.redhat.com/show_bug.cgi?id=1909101 https://www.cve.org/CVERecord?id=CVE-2020-35512 https://nvd.nist.gov/vuln/detail/CVE-2020-35512 https://security.access.redhat.com/data/csaf/v2/vex/2020/cve-2020-35512.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "dbus", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "a067YUjLHWzR99JNl/RtGQ==": { "id": "a067YUjLHWzR99JNl/RtGQ==", "updater": "rhel-vex", "name": "CVE-2025-4598", "description": "A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process.\n\nA SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.", "issued": "2025-05-29T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-4598 https://bugzilla.redhat.com/show_bug.cgi?id=2369242 https://www.cve.org/CVERecord?id=CVE-2025-4598 https://nvd.nist.gov/vuln/detail/CVE-2025-4598 https://www.openwall.com/lists/oss-security/2025/05/29/3 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-4598.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "systemd", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "avzu5SRbIjcduH4QdmZ1gg==": { "id": "avzu5SRbIjcduH4QdmZ1gg==", "updater": "rhel-vex", "name": "CVE-2026-0966", "description": "The API function `ssh_get_hexa()` is vulnerable, when 0-lenght\ninput is provided to this function. This function is used internally\nin `ssh_get_fingerprint_hash()` and `ssh_print_hexa()` (deprecated),\nwhich is vulnerable to the same input (length is provided by the\ncalling application).\n\nThe function is also used internally in the gssapi code for logging\nthe OIDs received by the server during GSSAPI authentication. This\ncould be triggered remotely, when the server allows GSSAPI authentication\nand logging verbosity is set at least to SSH_LOG_PACKET (3). This\ncould cause self-DoS of the per-connection daemon process.", "issued": "2026-02-10T18:47:15Z", "links": "https://access.redhat.com/security/cve/CVE-2026-0966 https://bugzilla.redhat.com/show_bug.cgi?id=2433121 https://www.cve.org/CVERecord?id=CVE-2026-0966 https://nvd.nist.gov/vuln/detail/CVE-2026-0966 https://www.libssh.org/2026/02/10/libssh-0-12-0-and-0-11-4-security-releases/ https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-0966.json", "severity": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "libssh", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "cCowLuOsLfTMmPFOoqUVww==": { "id": "cCowLuOsLfTMmPFOoqUVww==", "updater": "rhel-vex", "name": "CVE-2024-0397", "description": "A vulnerability was found in Python. A defect was discovered in the Python “ssl” module where there is a memory race condition with the ssl.SSLContext methods “cert_store_stats()” and “get_ca_certs()”. The race condition can be triggered if the methods are called at the same time that certificates are loaded into the SSLContext, such as during the TLS handshake with a configured certificate directory.", "issued": "2024-06-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-0397 https://bugzilla.redhat.com/show_bug.cgi?id=2301891 https://www.cve.org/CVERecord?id=CVE-2024-0397 https://nvd.nist.gov/vuln/detail/CVE-2024-0397 https://mail.python.org/archives/list/security-announce@python.org/thread/BMAK5BCGKYWNJOACVUSLUF6SFGBIM4VP/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-0397.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "python3", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "cW+DgNrGAeRAwNB4wrDZhw==": { "id": "cW+DgNrGAeRAwNB4wrDZhw==", "updater": "rhel-vex", "name": "CVE-2026-22695", "description": "A flaw was found in libpng, a reference library for processing PNG (Portable Network Graphics) image files. A local attacker could exploit a heap buffer over-read vulnerability in the `png_image_finish_read` function by tricking a user into processing a specially crafted interlaced 16-bit PNG file with an 8-bit output format and non-minimal row stride. This could lead to a denial of service (DoS) and potentially information disclosure.", "issued": "2026-01-12T22:55:40Z", "links": "https://access.redhat.com/security/cve/CVE-2026-22695 https://bugzilla.redhat.com/show_bug.cgi?id=2428825 https://www.cve.org/CVERecord?id=CVE-2026-22695 https://nvd.nist.gov/vuln/detail/CVE-2026-22695 https://github.com/pnggroup/libpng/commit/218612ddd6b17944e21eda56caf8b4bf7779d1ea https://github.com/pnggroup/libpng/commit/e4f7ad4ea2 https://github.com/pnggroup/libpng/issues/778 https://github.com/pnggroup/libpng/security/advisories/GHSA-mmq5-27w3-rxpp https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-22695.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "java-17-openjdk", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "cqYWiTibDLM7aibErMKang==": { "id": "cqYWiTibDLM7aibErMKang==", "updater": "rhel-vex", "name": "CVE-2026-4437", "description": "A flaw was found in glibc (the GNU C Library). When an application uses the `gethostbyaddr` or `gethostbyaddr_r` functions with a `nsswitch.conf` configuration that specifies glibc's DNS backend, a remote attacker can send a specially crafted DNS (Domain Name System) response. This crafted response can cause the application to incorrectly interpret a non-answer section of the DNS response as a valid answer, leading to potential misbehavior or incorrect information processing.", "issued": "2026-03-20T19:59:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-4437 https://bugzilla.redhat.com/show_bug.cgi?id=2449777 https://www.cve.org/CVERecord?id=CVE-2026-4437 https://nvd.nist.gov/vuln/detail/CVE-2026-4437 https://sourceware.org/bugzilla/show_bug.cgi?id=34014 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-4437.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "crmilTSJ/pTSPBKY9EJmZg==": { "id": "crmilTSJ/pTSPBKY9EJmZg==", "updater": "rhel-vex", "name": "CVE-2025-14524", "description": "A flaw was found in curl. When an OAuth2 (Open Authorization) bearer token is used for an HTTP(S) transfer, and that transfer performs a cross-protocol redirect to a different scheme like IMAP, LDAP, POP3, or SMTP, curl might incorrectly pass the bearer token to the new target host. This could lead to information disclosure, where sensitive authentication tokens are exposed to unintended recipients.", "issued": "2026-01-07T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-14524 https://bugzilla.redhat.com/show_bug.cgi?id=2426407 https://www.cve.org/CVERecord?id=CVE-2025-14524 https://nvd.nist.gov/vuln/detail/CVE-2025-14524 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-14524.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "curl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "dYucp/SettSQd/Hpukj6pA==": { "id": "dYucp/SettSQd/Hpukj6pA==", "updater": "rhel-vex", "name": "CVE-2026-5545", "description": "A flaw was found in libcurl. An application using libcurl that performs an authenticated HTTP(S) request after a Negotiate-authenticated one to the same host may incorrectly reuse the previous connection. This authentication bypass vulnerability allows the second request to be sent over a connection authenticated with different credentials, potentially leading to unauthorized access or information disclosure.", "issued": "2026-04-29T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-5545 https://bugzilla.redhat.com/show_bug.cgi?id=2461204 https://www.cve.org/CVERecord?id=CVE-2026-5545 https://nvd.nist.gov/vuln/detail/CVE-2026-5545 https://curl.se/docs/CVE-2026-5545.html https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-5545.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "curl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "eCNdMtt9JN2Rrb8I23NIsA==": { "id": "eCNdMtt9JN2Rrb8I23NIsA==", "updater": "rhel-vex", "name": "CVE-2026-34990", "description": "A flaw was found in OpenPrinting CUPS. A local unprivileged user can exploit this vulnerability by coercing the `cupsd` service to authenticate to an attacker-controlled Internet Printing Protocol (IPP) service. This allows the user to create a persistent printer queue that can overwrite arbitrary files with root privileges. Successful exploitation can lead to privilege escalation and arbitrary root command execution.", "issued": "2026-04-03T21:14:09Z", "links": "https://access.redhat.com/security/cve/CVE-2026-34990 https://bugzilla.redhat.com/show_bug.cgi?id=2454947 https://www.cve.org/CVERecord?id=CVE-2026-34990 https://nvd.nist.gov/vuln/detail/CVE-2026-34990 https://github.com/OpenPrinting/cups/security/advisories/GHSA-c54j-2vqw-wpwp https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-34990.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "cups", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "eqoqeJN8gMUINJLH2PXP7g==": { "id": "eqoqeJN8gMUINJLH2PXP7g==", "updater": "rhel-vex", "name": "CVE-2018-1000654", "description": "GNU Libtasn1-4.13 libtasn1-4.13 version libtasn1-4.13, libtasn1-4.12 contains a DoS, specifically CPU usage will reach 100% when running asn1Paser against the POC due to an issue in _asn1_expand_object_id(p_tree), after a long time, the program will be killed. This attack appears to be exploitable via parsing a crafted file.", "issued": "2018-08-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2018-1000654 https://bugzilla.redhat.com/show_bug.cgi?id=1621972 https://www.cve.org/CVERecord?id=CVE-2018-1000654 https://nvd.nist.gov/vuln/detail/CVE-2018-1000654 https://security.access.redhat.com/data/csaf/v2/vex/2018/cve-2018-1000654.json", "severity": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libtasn1", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "fT6cIVRM+743nfHJKo4yuQ==": { "id": "fT6cIVRM+743nfHJKo4yuQ==", "updater": "rhel-vex", "name": "CVE-2026-6429", "description": "A flaw was found in libcurl. When configured to use a .netrc file for credentials and follow HTTP redirects, libcurl can inadvertently send the password from the initial connection to the redirected host. This sensitive information disclosure occurs when both the original and redirect URLs use clear text HTTP, are performed over the same HTTP proxy, and the same connection is reused. This vulnerability, categorized as an Exposure of Sensitive Information to an Unauthorized Actor (CWE-200), could allow an attacker to obtain user credentials.", "issued": "2026-04-29T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-6429 https://bugzilla.redhat.com/show_bug.cgi?id=2461205 https://www.cve.org/CVERecord?id=CVE-2026-6429 https://nvd.nist.gov/vuln/detail/CVE-2026-6429 https://curl.se/docs/CVE-2026-6429.html https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-6429.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "curl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "fXpWtuXNPi3tb2edhk37bw==": { "id": "fXpWtuXNPi3tb2edhk37bw==", "updater": "rhel-vex", "name": "CVE-2024-2236", "description": "A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.", "issued": "2024-03-06T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-2236 https://bugzilla.redhat.com/show_bug.cgi?id=2245218 https://www.cve.org/CVERecord?id=CVE-2024-2236 https://nvd.nist.gov/vuln/detail/CVE-2024-2236 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2236.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "libgcrypt", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "fayrPya6DVXP9weWvA6obQ==": { "id": "fayrPya6DVXP9weWvA6obQ==", "updater": "rhel-vex", "name": "CVE-2024-7264", "description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", "issued": "2024-07-31T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-7264 https://bugzilla.redhat.com/show_bug.cgi?id=2301888 https://www.cve.org/CVERecord?id=CVE-2024-7264 https://nvd.nist.gov/vuln/detail/CVE-2024-7264 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7264.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "curl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "fvGjL9hw9hDQockMTb7lrA==": { "id": "fvGjL9hw9hDQockMTb7lrA==", "updater": "rhel-vex", "name": "CVE-2021-4209", "description": "A NULL pointer dereference flaw was found in GnuTLS. As Nettle's hash update functions internally call memcpy, providing zero-length input may cause undefined behavior. This flaw leads to a denial of service after authentication in rare circumstances.", "issued": "2021-12-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-4209 https://bugzilla.redhat.com/show_bug.cgi?id=2044156 https://www.cve.org/CVERecord?id=CVE-2021-4209 https://nvd.nist.gov/vuln/detail/CVE-2021-4209 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-4209.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "gnutls", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "gaFOKxy9D9KR/Iyd+kDZoA==": { "id": "gaFOKxy9D9KR/Iyd+kDZoA==", "updater": "rhel-vex", "name": "CVE-2025-50182", "description": "A flaw was found in urllib3. The library fails to properly validate redirect URLs, allowing an attacker to manipulate redirect chains when used in environments like Pyodide utilizing the JavaScript Fetch API. This lack of validation can enable a remote attacker to control the redirect destination, leading to arbitrary URL redirection. Consequently, an attacker can redirect users to malicious websites. This \nvulnerability stems from a failure to constrain the redirect target.", "issued": "2025-06-19T01:42:44Z", "links": "https://access.redhat.com/security/cve/CVE-2025-50182 https://bugzilla.redhat.com/show_bug.cgi?id=2373800 https://www.cve.org/CVERecord?id=CVE-2025-50182 https://nvd.nist.gov/vuln/detail/CVE-2025-50182 https://github.com/urllib3/urllib3/commit/7eb4a2aafe49a279c29b6d1f0ed0f42e9736194f https://github.com/urllib3/urllib3/security/advisories/GHSA-48p4-8xcf-vxj5 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-50182.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python-pip", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "gagftKXuSuh9pi4dRu9yPQ==": { "id": "gagftKXuSuh9pi4dRu9yPQ==", "updater": "rhel-vex", "name": "CVE-2024-2511", "description": "A flaw was found in OpenSSL. A malicious client can trigger an uncontrolled memory consumption, resulting in a Denial of Service. This issue occurs due to OpenSSL's TLSv1.3 session cache going into an incorrect state, leading to it failing to flush properly as it fills. OpenSSL must be configured with the non-default SSL_OP_NO_TICKET option enabled to be vulnerable. This issue only affects TLSv1.3 servers, while TLS clients are not affected.", "issued": "2024-04-08T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-2511 https://bugzilla.redhat.com/show_bug.cgi?id=2274020 https://www.cve.org/CVERecord?id=CVE-2024-2511 https://nvd.nist.gov/vuln/detail/CVE-2024-2511 https://www.openssl.org/news/vulnerabilities.html https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2511.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "h6rS2s3xilGaG0a+pIjl8A==": { "id": "h6rS2s3xilGaG0a+pIjl8A==", "updater": "rhel-vex", "name": "CVE-2026-3644", "description": "A control character validation flaw has been discovered in the Python http.cookie module. The Morsel.update(), |= operator, and unpickling paths were not patched to resolve CVE-2026-0672, allowing control characters to bypass input validation. Additionally, BaseCookie.js_output() lacked the output validation applied to BaseCookie.output().", "issued": "2026-03-16T17:37:31Z", "links": "https://access.redhat.com/security/cve/CVE-2026-3644 https://bugzilla.redhat.com/show_bug.cgi?id=2448168 https://www.cve.org/CVERecord?id=CVE-2026-3644 https://nvd.nist.gov/vuln/detail/CVE-2026-3644 https://github.com/python/cpython/commit/57e88c1cf95e1481b94ae57abe1010469d47a6b4 https://github.com/python/cpython/issues/145599 https://github.com/python/cpython/pull/145600 https://mail.python.org/archives/list/security-announce@python.org/thread/H6CADMBCDRFGWCMOXWUIHFJNV43GABJ7/ https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-3644.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python3", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "hfBpyVezkUAf98QWnlvzIA==": { "id": "hfBpyVezkUAf98QWnlvzIA==", "updater": "rhel-vex", "name": "CVE-2026-34743", "description": "A flaw was found in XZ Utils. When the `lzma_index_decoder()` function processes an empty index, and a subsequent `lzma_index_append()` operation is performed, insufficient memory is allocated. This can lead to a buffer overflow, potentially causing a denial of service (DoS) for affected systems.", "issued": "2026-04-02T18:36:37Z", "links": "https://access.redhat.com/security/cve/CVE-2026-34743 https://bugzilla.redhat.com/show_bug.cgi?id=2454589 https://www.cve.org/CVERecord?id=CVE-2026-34743 https://nvd.nist.gov/vuln/detail/CVE-2026-34743 https://github.com/tukaani-project/xz/commit/c8c22869e780ff57c96b46939c3d79ff99395f87 https://github.com/tukaani-project/xz/releases/tag/v5.8.3 https://github.com/tukaani-project/xz/security/advisories/GHSA-x872-m794-cxhv https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-34743.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "xz", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "hkP7fdNBNcMv5alTtw0c+Q==": { "id": "hkP7fdNBNcMv5alTtw0c+Q==", "updater": "rhel-vex", "name": "CVE-2025-13151", "description": "A flaw was found in libtasn1. A remote attacker could exploit a stack-based buffer overflow vulnerability in the `asn1_expend_octet_string` function. This occurs due to a failure in validating the size of input data. Successful exploitation can lead to a Denial of Service (DoS) condition, making the affected system or application unavailable.", "issued": "2026-01-07T21:14:05Z", "links": "https://access.redhat.com/security/cve/CVE-2025-13151 https://bugzilla.redhat.com/show_bug.cgi?id=2427698 https://www.cve.org/CVERecord?id=CVE-2025-13151 https://nvd.nist.gov/vuln/detail/CVE-2025-13151 https://gitlab.com/gnutls/libtasn1 https://gitlab.com/gnutls/libtasn1/-/merge_requests/121 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-13151.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "libtasn1", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "ho4M6//kfDyE5kZ9fbpV0g==": { "id": "ho4M6//kfDyE5kZ9fbpV0g==", "updater": "rhel-vex", "name": "CVE-2025-14819", "description": "A flaw was found in libcurl. When handling secure connections (TLS) and reusing connection settings, libcurl could incorrectly apply a cached security setting related to certificate chain validation. This could allow libcurl to accept a server's security certificate that it should have otherwise rejected, potentially compromising the integrity of the secure connection.", "issued": "2026-01-07T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-14819 https://bugzilla.redhat.com/show_bug.cgi?id=2426408 https://www.cve.org/CVERecord?id=CVE-2025-14819 https://nvd.nist.gov/vuln/detail/CVE-2025-14819 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-14819.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "curl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "iEGZHZXt8HWPSM5eJesddQ==": { "id": "iEGZHZXt8HWPSM5eJesddQ==", "updater": "rhel-vex", "name": "CVE-2025-7039", "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", "issued": "2025-07-02T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-7039 https://bugzilla.redhat.com/show_bug.cgi?id=2392423 https://www.cve.org/CVERecord?id=CVE-2025-7039 https://nvd.nist.gov/vuln/detail/CVE-2025-7039 https://gitlab.gnome.org/GNOME/glib/-/issues/3716 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-7039.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "glib2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "icj6a8bc4dYK/DJNvkU0+A==": { "id": "icj6a8bc4dYK/DJNvkU0+A==", "updater": "rhel-vex", "name": "CVE-2022-41409", "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "issued": "2023-07-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-41409 https://bugzilla.redhat.com/show_bug.cgi?id=2260814 https://www.cve.org/CVERecord?id=CVE-2022-41409 https://nvd.nist.gov/vuln/detail/CVE-2022-41409 https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35 https://github.com/PCRE2Project/pcre2/issues/141 https://github.com/advisories/GHSA-4qfx-v7wh-3q4j https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-41409.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "pcre2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "ieASPdYzGxWke8nZZhE02Q==": { "id": "ieASPdYzGxWke8nZZhE02Q==", "updater": "rhel-vex", "name": "CVE-2018-20657", "description": "A vulnerability was found in the demangle_template function in GNU libiberty, as distributed in GNU Binutils, where a memory leak could occur, a specially crafted file could cause the application to consume excessive memory, potentially leading to a crash.", "issued": "2018-12-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2018-20657 https://bugzilla.redhat.com/show_bug.cgi?id=1664708 https://www.cve.org/CVERecord?id=CVE-2018-20657 https://nvd.nist.gov/vuln/detail/CVE-2018-20657 https://security.access.redhat.com/data/csaf/v2/vex/2018/cve-2018-20657.json", "severity": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "gcc", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "j1KIfSLRyAo+5FqbDzJbtg==": { "id": "j1KIfSLRyAo+5FqbDzJbtg==", "updater": "rhel-vex", "name": "CVE-2025-5278", "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", "issued": "2025-05-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-5278 https://bugzilla.redhat.com/show_bug.cgi?id=2368764 https://www.cve.org/CVERecord?id=CVE-2025-5278 https://nvd.nist.gov/vuln/detail/CVE-2025-5278 https://cgit.git.savannah.gnu.org/cgit/coreutils.git/commit/?id=8c9602e3a145e9596dc1a63c6ed67865814b6633 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-5278.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "coreutils", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "jguV9kU5iHC5V/cF3+b/tg==": { "id": "jguV9kU5iHC5V/cF3+b/tg==", "updater": "rhel-vex", "name": "CVE-2025-3360", "description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", "issued": "2025-04-07T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-3360 https://bugzilla.redhat.com/show_bug.cgi?id=2357754 https://www.cve.org/CVERecord?id=CVE-2025-3360 https://nvd.nist.gov/vuln/detail/CVE-2025-3360 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-3360.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "glib2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "jw1ZiDut5Ot+DyVFjCrixg==": { "id": "jw1ZiDut5Ot+DyVFjCrixg==", "updater": "rhel-vex", "name": "CVE-2020-19188", "description": "A flaw was found in the ncurses library. This issue occurs when processing a crafted terminfo database, causing a stack-based buffer overflow, resulting in an application crash, leading to a denial of service.", "issued": "2019-05-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2020-19188 https://bugzilla.redhat.com/show_bug.cgi?id=2234913 https://www.cve.org/CVERecord?id=CVE-2020-19188 https://nvd.nist.gov/vuln/detail/CVE-2020-19188 https://security.access.redhat.com/data/csaf/v2/vex/2020/cve-2020-19188.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "ncurses", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "kCsMurCi7F77HxJoLqd9jA==": { "id": "kCsMurCi7F77HxJoLqd9jA==", "updater": "rhel-vex", "name": "CVE-2026-34978", "description": "A flaw was found in OpenPrinting CUPS. A remote attacker can exploit a path traversal vulnerability in the RSS notifier by manipulating the `notify-recipient-uri`. This allows writing arbitrary RSS XML data to sensitive files outside the intended directory. This can lead to a denial of service (DoS) by corrupting critical system files, such as the job cache, causing the scheduler to fail and previously queued jobs to disappear.", "issued": "2026-04-03T21:15:15Z", "links": "https://access.redhat.com/security/cve/CVE-2026-34978 https://bugzilla.redhat.com/show_bug.cgi?id=2454957 https://www.cve.org/CVERecord?id=CVE-2026-34978 https://nvd.nist.gov/vuln/detail/CVE-2026-34978 https://github.com/OpenPrinting/cups/security/advisories/GHSA-f53q-7mxp-9gcr https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-34978.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "cups", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "kYYDrncBncmKkmFnSd5t3w==": { "id": "kYYDrncBncmKkmFnSd5t3w==", "updater": "rhel-vex", "name": "CVE-2017-6519", "description": "avahi-daemon in Avahi through 0.6.32 and 0.7 inadvertently responds to IPv6 unicast queries with source addresses that are not on-link, which allows remote attackers to cause a denial of service (traffic amplification) and may cause information leakage by obtaining potentially sensitive information from the responding device via port-5353 UDP packets. NOTE: this may overlap CVE-2015-2809.", "issued": "2015-03-31T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2017-6519 https://bugzilla.redhat.com/show_bug.cgi?id=1426712 https://www.cve.org/CVERecord?id=CVE-2017-6519 https://nvd.nist.gov/vuln/detail/CVE-2017-6519 https://www.kb.cert.org/vuls/id/550620 https://security.access.redhat.com/data/csaf/v2/vex/2017/cve-2017-6519.json", "severity": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "avahi", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "klCkJxhhNVG564GOUQMh+Q==": { "id": "klCkJxhhNVG564GOUQMh+Q==", "updater": "rhel-vex", "name": "CVE-2026-5745", "description": "A flaw was found in libarchive. A NULL pointer dereference vulnerability exists in the ACL parsing logic, specifically within the archive_acl_from_text_nl() function. When processing a malformed ACL string (such as a bare \"d\" or \"default\" tag without subsequent fields), the function fails to perform adequate validation before advancing the pointer. An attacker can exploit this by providing a maliciously crafted archive, causing an application utilizing the libarchive API (such as bsdtar) to crash, resulting in a Denial of Service (DoS).", "issued": "2026-04-07T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-5745 https://bugzilla.redhat.com/show_bug.cgi?id=2455921 https://www.cve.org/CVERecord?id=CVE-2026-5745 https://nvd.nist.gov/vuln/detail/CVE-2026-5745 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-5745.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libarchive", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "m8ueKfgkaYIYTU+xtIQcwA==": { "id": "m8ueKfgkaYIYTU+xtIQcwA==", "updater": "rhel-vex", "name": "CVE-2022-3857", "description": "[REJECTED CVE] A issue has been identified with libpng in png_setup_paeth_row() function. A crafted PNG image from a n attacker can lead to a segmentation fault and Denial of service.", "issued": "2022-11-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-3857 https://bugzilla.redhat.com/show_bug.cgi?id=2142600 https://www.cve.org/CVERecord?id=CVE-2022-3857 https://nvd.nist.gov/vuln/detail/CVE-2022-3857 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-3857.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "java-17-openjdk", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "mRazAXjBcgFrTolNDZHDsA==": { "id": "mRazAXjBcgFrTolNDZHDsA==", "updater": "rhel-vex", "name": "CVE-2025-6069", "description": "A denial-of-service (DoS) vulnerability has been discovered in Python's html.parser.HTMLParser class. When processing specially malformed HTML input, the parsing runtime can become quadratic with respect to the input size. This significantly increased processing time can lead to excessive resource consumption, ultimately causing a denial-of-service condition in applications that rely on this parser.", "issued": "2025-06-17T13:39:46Z", "links": "https://access.redhat.com/security/cve/CVE-2025-6069 https://bugzilla.redhat.com/show_bug.cgi?id=2373234 https://www.cve.org/CVERecord?id=CVE-2025-6069 https://nvd.nist.gov/vuln/detail/CVE-2025-6069 https://github.com/python/cpython/commit/4455cbabf991e202185a25a631af206f60bbc949 https://github.com/python/cpython/commit/6eb6c5dbfb528bd07d77b60fd71fd05d81d45c41 https://github.com/python/cpython/commit/d851f8e258c7328814943e923a7df81bca15df4b https://github.com/python/cpython/issues/135462 https://github.com/python/cpython/pull/135464 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-6069.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "python3", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "mouoWVvs12H8FynnB5qIsQ==": { "id": "mouoWVvs12H8FynnB5qIsQ==", "updater": "rhel-vex", "name": "CVE-2019-14250", "description": "This issue resides on libiberty code, a part of binutils, distributed with different versions of RH software. The vulnerability is triggered when the shstrndx (Section Header String Table Index) is zero in the ELF file. This specific condition leads to the integer overflow and subsequent buffer overflow.", "issued": "2019-08-09T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2019-14250 https://bugzilla.redhat.com/show_bug.cgi?id=1739490 https://www.cve.org/CVERecord?id=CVE-2019-14250 https://nvd.nist.gov/vuln/detail/CVE-2019-14250 https://security.access.redhat.com/data/csaf/v2/vex/2019/cve-2019-14250.json", "severity": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "gcc", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "n+SYCf6UN4VyD5OPJagpTA==": { "id": "n+SYCf6UN4VyD5OPJagpTA==", "updater": "rhel-vex", "name": "CVE-2026-33846", "description": "A heap buffer overflow vulnerability exists in the DTLS handshake fragment reassembly logic of GnuTLS. The issue arises in merge_handshake_packet() where incoming handshake fragments are matched and merged based solely on handshake type, without validating that the message_length field remains consistent across all fragments of the same logical message. An attacker can exploit this by sending crafted DTLS fragments with conflicting message_length values, causing the implementation to allocate a buffer based on a smaller initial fragment and subsequently write beyond its bounds using larger, inconsistent fragments. Because the merge operation does not enforce proper bounds checking against the allocated buffer size, this results in an out-of-bounds write on the heap. The vulnerability is remotely exploitable without authentication via the DTLS handshake path and can lead to application crashes or potential memory corruption.", "issued": "2026-05-04T08:53:59Z", "links": "https://access.redhat.com/security/cve/CVE-2026-33846 https://bugzilla.redhat.com/show_bug.cgi?id=2450625 https://www.cve.org/CVERecord?id=CVE-2026-33846 https://nvd.nist.gov/vuln/detail/CVE-2026-33846 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-33846.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "gnutls", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "n83jaRl/T6kiaoMyWtX8xw==": { "id": "n83jaRl/T6kiaoMyWtX8xw==", "updater": "rhel-vex", "name": "CVE-2021-24032", "description": "A flaw was found in zstd. While the final file mode is reflective of the input file, when compressing or uncompressing, the file can temporarily gain greater permissions than the input and potentially leading to security issues (especially if large files are being handled).", "issued": "2021-02-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-24032 https://bugzilla.redhat.com/show_bug.cgi?id=1928090 https://www.cve.org/CVERecord?id=CVE-2021-24032 https://nvd.nist.gov/vuln/detail/CVE-2021-24032 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-24032.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "zstd", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "nYtstWEUOCTbjAlmYOKURA==": { "id": "nYtstWEUOCTbjAlmYOKURA==", "updater": "rhel-vex", "name": "CVE-2025-4516", "description": "A vulnerability has been identified in CPython's bytes.decode() function when used with the \"unicode_escape\" encoding and the \"ignore\" or \"replace\" error handling modes. This flaw can result in the incorrect decoding of byte strings. While this may not directly lead to traditional security breaches like data exfiltration, the resulting unexpected program behavior could introduce instability, logic errors, or unintended side effects within applications that rely on this specific decoding functionality.", "issued": "2025-05-15T13:29:20Z", "links": "https://access.redhat.com/security/cve/CVE-2025-4516 https://bugzilla.redhat.com/show_bug.cgi?id=2366509 https://www.cve.org/CVERecord?id=CVE-2025-4516 https://nvd.nist.gov/vuln/detail/CVE-2025-4516 https://github.com/python/cpython/commit/69b4387f78f413e8c47572a85b3478c47eba8142 https://github.com/python/cpython/commit/9f69a58623bd01349a18ba0c7a9cb1dad6a51e8e https://github.com/python/cpython/issues/133767 https://github.com/python/cpython/pull/129648 https://mail.python.org/archives/list/security-announce@python.org/thread/L75IPBBTSCYEF56I2M4KIW353BB3AY74/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-4516.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "python3", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "ngbKDtxhn33NKWC2lhOQNQ==": { "id": "ngbKDtxhn33NKWC2lhOQNQ==", "updater": "rhel-vex", "name": "CVE-2026-1485", "description": "A flaw was found in Glib's content type parsing logic. This buffer underflow vulnerability occurs because the length of a header line is stored in a signed integer, which can lead to integer wraparound for very large inputs. This results in pointer underflow and out-of-bounds memory access. Exploitation requires a local user to install or process a specially crafted treemagic file, which can lead to local denial of service or application instability.", "issued": "2026-01-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-1485 https://bugzilla.redhat.com/show_bug.cgi?id=2433325 https://www.cve.org/CVERecord?id=CVE-2026-1485 https://nvd.nist.gov/vuln/detail/CVE-2026-1485 https://gitlab.gnome.org/GNOME/glib/-/issues/3871 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-1485.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "glib2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "nhJPQpDYg9We/U8oBJw4JQ==": { "id": "nhJPQpDYg9We/U8oBJw4JQ==", "updater": "rhel-vex", "name": "CVE-2026-6019", "description": "A flaw was found in Python's `http.cookies` module. The `Morsel.js_output()` function, responsible for generating JavaScript output for cookies, does not properly neutralize the `\u003c/script\u003e` HTML sequence. This oversight could allow a remote attacker to inject malicious script into a web page, potentially leading to Cross-Site Scripting (XSS) attacks. Such an attack could result in information disclosure or arbitrary code execution within the user's browser.", "issued": "2026-04-22T19:28:08Z", "links": "https://access.redhat.com/security/cve/CVE-2026-6019 https://bugzilla.redhat.com/show_bug.cgi?id=2460869 https://www.cve.org/CVERecord?id=CVE-2026-6019 https://nvd.nist.gov/vuln/detail/CVE-2026-6019 https://github.com/python/cpython/commit/76b3923d688c0efc580658476c5f525ec8735104 https://github.com/python/cpython/issues/90309 https://github.com/python/cpython/pull/148848 https://mail.python.org/archives/list/security-announce@python.org/thread/IVNWGV2BBNC3RHQAFS22UP4DY56SAXX3/ https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-6019.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python3", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "npBrFSWnZYxq9cizdfDfCQ==": { "id": "npBrFSWnZYxq9cizdfDfCQ==", "updater": "rhel-vex", "name": "CVE-2026-1489", "description": "A flaw was found in GLib. An integer overflow vulnerability in its Unicode case conversion implementation can lead to memory corruption. By processing specially crafted and extremely large Unicode strings, an attacker could trigger an undersized memory allocation, resulting in out-of-bounds writes. This could cause applications utilizing GLib for string conversion to crash or become unstable.", "issued": "2026-01-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-1489 https://bugzilla.redhat.com/show_bug.cgi?id=2433348 https://www.cve.org/CVERecord?id=CVE-2026-1489 https://nvd.nist.gov/vuln/detail/CVE-2026-1489 https://gitlab.gnome.org/GNOME/glib/-/issues/3872 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-1489.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "glib2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "npQpPXYG8xMJ1LRSVSnKGA==": { "id": "npQpPXYG8xMJ1LRSVSnKGA==", "updater": "rhel-vex", "name": "CVE-2025-8114", "description": "A flaw was found in libssh, a library that implements the SSH protocol. When calculating the session ID during the key exchange (KEX) process, an allocation failure in cryptographic functions may lead to a NULL pointer dereference. This issue can cause the client or server to crash.", "issued": "2025-07-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-8114 https://bugzilla.redhat.com/show_bug.cgi?id=2383220 https://www.cve.org/CVERecord?id=CVE-2025-8114 https://nvd.nist.gov/vuln/detail/CVE-2025-8114 https://git.libssh.org/projects/libssh.git/commit/?id=53ac23ded4cb2c5463f6c4cd1525331bd578812d https://git.libssh.org/projects/libssh.git/commit/?id=65f363c9 https://www.libssh.org/security/advisories/CVE-2025-8114.txt https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-8114.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libssh", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "p2qAiuM4AsdQ5J4fBWvbBA==": { "id": "p2qAiuM4AsdQ5J4fBWvbBA==", "updater": "rhel-vex", "name": "CVE-2025-14512", "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", "issued": "2025-12-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-14512 https://bugzilla.redhat.com/show_bug.cgi?id=2421339 https://www.cve.org/CVERecord?id=CVE-2025-14512 https://nvd.nist.gov/vuln/detail/CVE-2025-14512 https://gitlab.gnome.org/GNOME/glib/-/issues/3845 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-14512.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glib2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "pjb5LKdJAfqIzj4N6YBwUQ==": { "id": "pjb5LKdJAfqIzj4N6YBwUQ==", "updater": "rhel-vex", "name": "CVE-2024-11053", "description": "A flaw was found in curl. A logic error when processing credentials from the .netrc file while performing redirects allows the transfer of credentials from the original host to the followed-to host under certain circumstances, leaking the credentials to the followed-to host.", "issued": "2024-12-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-11053 https://bugzilla.redhat.com/show_bug.cgi?id=2331191 https://www.cve.org/CVERecord?id=CVE-2024-11053 https://nvd.nist.gov/vuln/detail/CVE-2024-11053 https://www.oracle.com/security-alerts/cpujan2025.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-11053.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "curl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "qC/lM94bJkHuTCcx6Z47mQ==": { "id": "qC/lM94bJkHuTCcx6Z47mQ==", "updater": "rhel-vex", "name": "CVE-2026-32778", "description": "A flaw was found in libexpat. This vulnerability allows an attacker to trigger a NULL pointer dereference in the `setContext` function. This occurs when the system attempts to retry an operation after an out-of-memory condition, which can lead to a Denial of Service (DoS) for the affected application.", "issued": "2026-03-16T07:02:34Z", "links": "https://access.redhat.com/security/cve/CVE-2026-32778 https://bugzilla.redhat.com/show_bug.cgi?id=2447885 https://www.cve.org/CVERecord?id=CVE-2026-32778 https://nvd.nist.gov/vuln/detail/CVE-2026-32778 https://github.com/libexpat/libexpat/pull/1159 https://github.com/libexpat/libexpat/pull/1163 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-32778.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "expat", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "qS+8YNw5cEHn5bXG24Qmgg==": { "id": "qS+8YNw5cEHn5bXG24Qmgg==", "updater": "rhel-vex", "name": "CVE-2026-5928", "description": "A flaw was found in glibc (GNU C Library). When the `ungetwc` function is called on a file stream using wide characters with specific overlapping single-byte and multi-byte encodings, it may attempt to read data outside of its allocated buffer. This can lead to the unintentional disclosure of sensitive information from memory or cause the program to crash, resulting in a denial of service.", "issued": "2026-04-20T20:37:31Z", "links": "https://access.redhat.com/security/cve/CVE-2026-5928 https://bugzilla.redhat.com/show_bug.cgi?id=2459854 https://www.cve.org/CVERecord?id=CVE-2026-5928 https://nvd.nist.gov/vuln/detail/CVE-2026-5928 https://sourceware.org/bugzilla/show_bug.cgi?id=33998 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-5928.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "qXNASosSuCsudML1MqXPjw==": { "id": "qXNASosSuCsudML1MqXPjw==", "updater": "rhel-vex", "name": "CVE-2023-27534", "description": "A path traversal vulnerability exists in curl \u003c8.0.0 SFTP implementation causes the tilde (~) character to be wrongly replaced when used as a prefix in the first path element, in addition to its intended use as the first element to indicate a path relative to the user's home directory. Attackers can exploit this flaw to bypass filtering or execute arbitrary code by crafting a path like /~2/foo while accessing a server with a specific user.", "issued": "2023-03-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-27534 https://bugzilla.redhat.com/show_bug.cgi?id=2179069 https://www.cve.org/CVERecord?id=CVE-2023-27534 https://nvd.nist.gov/vuln/detail/CVE-2023-27534 https://curl.se/docs/CVE-2023-27534.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-27534.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "curl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "qv1CBAIhzNsoWe8hSWlF1g==": { "id": "qv1CBAIhzNsoWe8hSWlF1g==", "updater": "rhel-vex", "name": "CVE-2026-28390", "description": "A flaw was found in OpenSSL. A remote attacker could exploit this vulnerability by sending a specially crafted Cryptographic Message Syntax (CMS) EnvelopedData message. During the processing of a KeyTransportRecipientInfo with RSA-OAEP encryption, the system attempts to access an optional parameter field without first verifying its presence. This leads to a NULL pointer dereference, which can cause applications processing the attacker-controlled CMS data to crash, resulting in a Denial of Service (DoS).", "issued": "2026-04-07T22:00:54Z", "links": "https://access.redhat.com/security/cve/CVE-2026-28390 https://bugzilla.redhat.com/show_bug.cgi?id=2456314 https://www.cve.org/CVERecord?id=CVE-2026-28390 https://nvd.nist.gov/vuln/detail/CVE-2026-28390 https://github.com/openssl/openssl/commit/01194a8f1941115cd0383bfa91c736dd3993c8bc https://github.com/openssl/openssl/commit/2e39b7a6993be445fddb9fbce316fa756e0397b6 https://github.com/openssl/openssl/commit/af2a5fecd3e71a29e7568f9c1453dec5cebbaff4 https://github.com/openssl/openssl/commit/ea7b4ea4f9f853521ba34830cbcadc970d2e0788 https://github.com/openssl/openssl/commit/fd2f1a6cf53b9ceeca723a001aa4b825d7c7ee75 https://openssl-library.org/news/secadv/20260407.txt https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-28390.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "rCI1GSL47zJlliQotxXM4Q==": { "id": "rCI1GSL47zJlliQotxXM4Q==", "updater": "rhel-vex", "name": "CVE-2026-2673", "description": "A key group selection preference flaw has been discovered in OpenSSL. An OpenSSL TLS 1.3 server may fail to negotiate the expected preferred key exchange group when its key exchange group configuration includes the default by using the \"DEFAULT\" keyword. A less preferred key exchange may be used even when a more preferred group is supported by both client and server, if the group was not included among the client's initial predicated keyshares. This will sometimes be the case with the new hybrid post-quantum groups, if the client chooses to defer their use until specifically requested by the server. No OpenSSL FIPS modules are affected by this issue, the code in question lies outside the FIPS boundary.", "issued": "2026-03-13T13:23:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-2673 https://bugzilla.redhat.com/show_bug.cgi?id=2447327 https://www.cve.org/CVERecord?id=CVE-2026-2673 https://nvd.nist.gov/vuln/detail/CVE-2026-2673 https://github.com/openssl/openssl/commit/2157c9d81f7b0bd7dfa25b960e928ec28e8dd63f https://github.com/openssl/openssl/commit/85977e013f32ceb96aa034c0e741adddc1a05e34 https://openssl-library.org/news/secadv/20260313.txt https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-2673.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "rEd6JdG2xx5NZ9bcsFRNpw==": { "id": "rEd6JdG2xx5NZ9bcsFRNpw==", "updater": "rhel-vex", "name": "CVE-2026-28388", "description": "A flaw was found in OpenSSL. When processing a malformed delta Certificate Revocation List (CRL) that lacks a required CRL Number extension, a NULL pointer dereference can occur. This vulnerability can be exploited by a remote attacker who provides a specially crafted delta CRL to an application that has delta CRL processing enabled, leading to a Denial of Service (DoS) for the application.", "issued": "2026-04-07T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-28388 https://bugzilla.redhat.com/show_bug.cgi?id=2451097 https://www.cve.org/CVERecord?id=CVE-2026-28388 https://nvd.nist.gov/vuln/detail/CVE-2026-28388 https://openssl-library.org/news/secadv/20260407.txt https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-28388.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "rEg00U8+//igCt+0+QBUhA==": { "id": "rEg00U8+//igCt+0+QBUhA==", "updater": "rhel-vex", "name": "CVE-2023-50495", "description": "A vulnerability was found in the NCurses package, where a segmentation fault may be triggered through _nc_wrap_entry().", "issued": "2023-12-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-50495 https://bugzilla.redhat.com/show_bug.cgi?id=2254244 https://www.cve.org/CVERecord?id=CVE-2023-50495 https://nvd.nist.gov/vuln/detail/CVE-2023-50495 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-50495.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "ncurses", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "rVgBV65FWtFg3jitEqotFA==": { "id": "rVgBV65FWtFg3jitEqotFA==", "updater": "rhel-vex", "name": "CVE-2024-0727", "description": "A flaw was found in OpenSSL. The optional ContentInfo fields can be set to null, even if the \"type\" is a valid value, which can lead to a null dereference error that may cause a denial of service.", "issued": "2024-01-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-0727 https://bugzilla.redhat.com/show_bug.cgi?id=2259944 https://www.cve.org/CVERecord?id=CVE-2024-0727 https://nvd.nist.gov/vuln/detail/CVE-2024-0727 https://github.com/openssl/openssl/pull/23362 https://www.openssl.org/news/secadv/20240125.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-0727.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "raKuHZN4AggeEUt0ItIq1Q==": { "id": "raKuHZN4AggeEUt0ItIq1Q==", "updater": "rhel-vex", "name": "CVE-2026-40356", "description": "A flaw was found in MIT Kerberos 5 (krb5). An unauthenticated remote attacker can exploit an integer underflow and an out-of-bounds read vulnerability by calling `gss_accept_sec_context()` on a system with a NegoEx mechanism registered. This can lead to the process terminating, resulting in a Denial of Service (DoS).", "issued": "2026-04-28T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-40356 https://bugzilla.redhat.com/show_bug.cgi?id=2463368 https://www.cve.org/CVERecord?id=CVE-2026-40356 https://nvd.nist.gov/vuln/detail/CVE-2026-40356 https://cems.fun/2026/04/27/krb5-two-unauthenticated-network-vulnerabilities.html https://github.com/krb5/krb5/commit/2e75f0d9362fb979f5fc92829431a590a130929f https://web.mit.edu/kerberos/advisories/ https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-40356.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "krb5", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "rfyVleP0iFAaKAccoWyLNQ==": { "id": "rfyVleP0iFAaKAccoWyLNQ==", "updater": "rhel-vex", "name": "CVE-2026-3805", "description": "A flaw was found in curl. When handling a second Server Message Block (SMB) request to the same host, curl incorrectly accesses memory that has already been freed. This memory corruption vulnerability, known as a use-after-free, could allow a remote attacker to potentially execute arbitrary code or cause a denial of service.", "issued": "2026-03-11T10:09:37Z", "links": "https://access.redhat.com/security/cve/CVE-2026-3805 https://bugzilla.redhat.com/show_bug.cgi?id=2446451 https://www.cve.org/CVERecord?id=CVE-2026-3805 https://nvd.nist.gov/vuln/detail/CVE-2026-3805 http://www.openwall.com/lists/oss-security/2026/03/11/4 https://curl.se/docs/CVE-2026-3805.html https://curl.se/docs/CVE-2026-3805.json https://hackerone.com/reports/3591944 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-3805.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "curl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "ruDQdx7OmIsgMCpioWbqOQ==": { "id": "ruDQdx7OmIsgMCpioWbqOQ==", "updater": "rhel-vex", "name": "CVE-2025-5351", "description": "A flaw was found in the key export functionality of libssh. The issue occurs in the internal function responsible for converting cryptographic keys into serialized formats. During error handling, a memory structure is freed but not cleared, leading to a potential double free issue if an additional failure occurs later in the function. This condition may result in heap corruption or application instability in low-memory scenarios, posing a risk to system reliability where key export operations are performed.", "issued": "2025-06-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-5351 https://bugzilla.redhat.com/show_bug.cgi?id=2369367 https://www.cve.org/CVERecord?id=CVE-2025-5351 https://nvd.nist.gov/vuln/detail/CVE-2025-5351 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-5351.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libssh", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "s1kzjy+cDztHEcgHrl7kHQ==": { "id": "s1kzjy+cDztHEcgHrl7kHQ==", "updater": "rhel-vex", "name": "CVE-2026-22801", "description": "A flaw was found in libpng, a reference library for PNG (Portable Network Graphics) raster image files. An integer truncation vulnerability exists in the png_write_image_16bit and png_write_image_8bit simplified write API functions. A local attacker could exploit this flaw by providing a negative row stride (for bottom-up image layouts) or a stride exceeding 65535 bytes, leading to a heap buffer over-read. This can result in information disclosure or a denial of service (DoS) to the system.", "issued": "2026-01-12T22:57:58Z", "links": "https://access.redhat.com/security/cve/CVE-2026-22801 https://bugzilla.redhat.com/show_bug.cgi?id=2428824 https://www.cve.org/CVERecord?id=CVE-2026-22801 https://nvd.nist.gov/vuln/detail/CVE-2026-22801 https://github.com/pnggroup/libpng/security/advisories/GHSA-vgjq-8cw5-ggw8 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-22801.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "java-17-openjdk", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "sExC9WXn4M01POjg0haQrA==": { "id": "sExC9WXn4M01POjg0haQrA==", "updater": "rhel-vex", "name": "CVE-2026-34933", "description": "A flaw was found in Avahi. An unprivileged local user can exploit this vulnerability by sending a D-Bus method call with conflicting publish flags. This can lead to a denial of service (DoS) by crashing the avahi-daemon, making the service unavailable.", "issued": "2026-04-03T22:43:26Z", "links": "https://access.redhat.com/security/cve/CVE-2026-34933 https://bugzilla.redhat.com/show_bug.cgi?id=2454978 https://www.cve.org/CVERecord?id=CVE-2026-34933 https://nvd.nist.gov/vuln/detail/CVE-2026-34933 https://github.com/avahi/avahi/commit/625ca0fac19229f6dfa3a6c6b698ae657187e50c https://github.com/avahi/avahi/pull/891 https://github.com/avahi/avahi/security/advisories/GHSA-w65r-6gxh-vhvc https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-34933.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "avahi", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "sGwL9v57mGx7f18qBkIacA==": { "id": "sGwL9v57mGx7f18qBkIacA==", "updater": "rhel-vex", "name": "CVE-2025-6075", "description": "A vulnerability in Python’s os.path.expandvars() function that can cause performance degradation. When processing specially crafted, user-controlled input with nested environment variable patterns, the function exhibits quadratic time complexity, potentially leading to excessive CPU usage and denial of service (DoS) conditions. No code execution or data exposure occurs, so the impact is limited to performance slowdown.", "issued": "2025-10-31T16:41:34Z", "links": "https://access.redhat.com/security/cve/CVE-2025-6075 https://bugzilla.redhat.com/show_bug.cgi?id=2408891 https://www.cve.org/CVERecord?id=CVE-2025-6075 https://nvd.nist.gov/vuln/detail/CVE-2025-6075 https://github.com/python/cpython/issues/136065 https://mail.python.org/archives/list/security-announce@python.org/thread/IUP5QJ6D4KK6ULHOMPC7DPNKRYQTQNLA/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-6075.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "python3", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "sRVcQFAdq4Ll42smqacaCw==": { "id": "sRVcQFAdq4Ll42smqacaCw==", "updater": "rhel-vex", "name": "CVE-2022-27943", "description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in libiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "issued": "2022-03-26T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-27943 https://bugzilla.redhat.com/show_bug.cgi?id=2071728 https://www.cve.org/CVERecord?id=CVE-2022-27943 https://nvd.nist.gov/vuln/detail/CVE-2022-27943 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-27943.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "gcc", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "sThg2GGoKqa1RTJ5skEJTA==": { "id": "sThg2GGoKqa1RTJ5skEJTA==", "updater": "rhel-vex", "name": "CVE-2026-24883", "description": "A flaw was found in GnuPG. A remote attacker could provide a specially crafted long signature packet that, when processed, causes the application to crash. This vulnerability leads to a denial of service (DoS), making the GnuPG application unavailable to legitimate users.", "issued": "2026-01-27T18:43:18Z", "links": "https://access.redhat.com/security/cve/CVE-2026-24883 https://bugzilla.redhat.com/show_bug.cgi?id=2433463 https://www.cve.org/CVERecord?id=CVE-2026-24883 https://nvd.nist.gov/vuln/detail/CVE-2026-24883 https://dev.gnupg.org/T8049 https://www.openwall.com/lists/oss-security/2026/01/27/8 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-24883.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "gnupg2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "t3XJyztcU9aOXTMLI8NRmA==": { "id": "t3XJyztcU9aOXTMLI8NRmA==", "updater": "rhel-vex", "name": "CVE-2026-29111", "description": "A flaw was found in systemd, a system and service manager. An unprivileged user can exploit this vulnerability by making an Inter-Process Communication (IPC) API call with spurious data. In older versions (v249 and earlier), this can lead to stack overwriting with attacker-controlled content, potentially enabling arbitrary code execution or privilege escalation. In newer versions (v250 and later), the flaw causes systemd to assert and freeze, resulting in a Denial of Service (DoS).", "issued": "2026-03-23T21:03:56Z", "links": "https://access.redhat.com/security/cve/CVE-2026-29111 https://bugzilla.redhat.com/show_bug.cgi?id=2450505 https://www.cve.org/CVERecord?id=CVE-2026-29111 https://nvd.nist.gov/vuln/detail/CVE-2026-29111 https://github.com/systemd/systemd/commit/1d22f706bd04f45f8422e17fbde3f56ece17758a https://github.com/systemd/systemd/commit/20021e7686426052e3a7505425d7e12085feb2a6 https://github.com/systemd/systemd/commit/21167006574d6b83813c7596759b474f56562412 https://github.com/systemd/systemd/commit/3cee294fe8cf4fa0eff933ab21416d099942cabd https://github.com/systemd/systemd/commit/42aee39107fbdd7db1ccd402a2151822b2805e9f https://github.com/systemd/systemd/commit/54588d2dedff54bfb6036670820650e4ea74628f https://github.com/systemd/systemd/commit/7ac3220213690e8a8d6d2a6e81e43bd1dce01d69 https://github.com/systemd/systemd/commit/80acea4ef80a4bb78560ed970c34952299b890d6 https://github.com/systemd/systemd/commit/b5fd14693057e5f2c9b4a49603be64ec3608ff6c https://github.com/systemd/systemd/commit/efa6ba2ab625aaa160ac435a09e6482fc63bdbe8 https://github.com/systemd/systemd/security/advisories/GHSA-gx6q-6f99-m764 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-29111.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "systemd", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "t4oe6DBPNf5Ikk93RfTdig==": { "id": "t4oe6DBPNf5Ikk93RfTdig==", "updater": "rhel-vex", "name": "CVE-2019-12904", "description": "[Disputed] A vulnerability has been identified in Libgcrypt due to a flaw in its C implementation of AES. This vulnerability enables a remote attacker to perform a flush-and-reload side-channel attack, potentially accessing sensitive information. The vulnerability arises from the availability of physical addresses to other processes, particularly on platforms lacking an assembly-language implementation.", "issued": "2019-07-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2019-12904 https://bugzilla.redhat.com/show_bug.cgi?id=1730320 https://www.cve.org/CVERecord?id=CVE-2019-12904 https://nvd.nist.gov/vuln/detail/CVE-2019-12904 https://dev.gnupg.org/T4541 https://lists.gnupg.org/pipermail/gcrypt-devel/2019-July/004760.html https://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-12904.html https://security.access.redhat.com/data/csaf/v2/vex/2019/cve-2019-12904.json", "severity": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "libgcrypt", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "tYeLT/YUKIk7yaK07WvPeA==": { "id": "tYeLT/YUKIk7yaK07WvPeA==", "updater": "rhel-vex", "name": "CVE-2026-32776", "description": "A flaw was found in libexpat. A remote attacker could exploit this vulnerability by providing specially crafted XML content with empty external parameter entities. This could lead to a NULL pointer dereference, causing the application to crash and resulting in a Denial of Service (DoS).", "issued": "2026-03-16T06:54:20Z", "links": "https://access.redhat.com/security/cve/CVE-2026-32776 https://bugzilla.redhat.com/show_bug.cgi?id=2447888 https://www.cve.org/CVERecord?id=CVE-2026-32776 https://nvd.nist.gov/vuln/detail/CVE-2026-32776 https://github.com/libexpat/libexpat/pull/1158 https://github.com/libexpat/libexpat/pull/1159 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-32776.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "expat", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "teoauN/Djw6odXikmjP4Lw==": { "id": "teoauN/Djw6odXikmjP4Lw==", "updater": "rhel-vex", "name": "CVE-2025-68471", "description": "A flaw was found in Avahi, a system that enables devices to discover services on a local network using the mDNS/DNS-SD (Multicast Domain Name System/DNS-based Service Discovery) protocols. A remote attacker can exploit this by sending two specific network messages, known as unsolicited announcements with CNAME resource records, within a two-second timeframe. This action can cause the `avahi-daemon` process to crash, leading to a Denial of Service (DoS) for the affected system.", "issued": "2026-01-12T17:39:57Z", "links": "https://access.redhat.com/security/cve/CVE-2025-68471 https://bugzilla.redhat.com/show_bug.cgi?id=2428717 https://www.cve.org/CVERecord?id=CVE-2025-68471 https://nvd.nist.gov/vuln/detail/CVE-2025-68471 https://github.com/avahi/avahi/commit/9c6eb53bf2e290aed84b1f207e3ce35c54cc0aa1 https://github.com/avahi/avahi/issues/678 https://github.com/avahi/avahi/security/advisories/GHSA-56rf-42xr-qmmg https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-68471.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "avahi", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "tlWVK61iOpKPkvmeShS9AQ==": { "id": "tlWVK61iOpKPkvmeShS9AQ==", "updater": "rhel-vex", "name": "CVE-2025-69421", "description": "A flaw was found in OpenSSL. This vulnerability allows a remote attacker to trigger a Denial of Service (DoS) by providing a specially crafted, malformed PKCS#12 file to an application that processes it. The flaw occurs due to a NULL pointer dereference in the PKCS12_item_decrypt_d2i_ex() function when handling the malformed file, leading to an application crash.", "issued": "2026-01-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-69421 https://bugzilla.redhat.com/show_bug.cgi?id=2430387 https://www.cve.org/CVERecord?id=CVE-2025-69421 https://nvd.nist.gov/vuln/detail/CVE-2025-69421 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-69421.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "tnBbKyfWYMq7GMqd8UCfIw==": { "id": "tnBbKyfWYMq7GMqd8UCfIw==", "updater": "rhel-vex", "name": "CVE-2025-70873", "description": "A flaw was found in SQLite. This information disclosure vulnerability exists within the zipfile extension, specifically in the zipfileInflate function. A remote attacker could exploit this by providing a specially crafted ZIP file. Successful exploitation could lead to the disclosure of sensitive heap memory information.", "issued": "2026-03-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-70873 https://bugzilla.redhat.com/show_bug.cgi?id=2447086 https://www.cve.org/CVERecord?id=CVE-2025-70873 https://nvd.nist.gov/vuln/detail/CVE-2025-70873 https://gist.github.com/cnwangjihe/f496393f30f5ecec5b18c8f5ab072054 https://sqlite.org/forum/forumpost/761eac3c82 https://sqlite.org/src/info/3d459f1fb1bd1b5e https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-70873.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "sqlite", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "u7b5r2PfK9a1QyjBR1cFRw==": { "id": "u7b5r2PfK9a1QyjBR1cFRw==", "updater": "rhel-vex", "name": "CVE-2026-4046", "description": "A flaw was found in glibc, the GNU C Library. A remote attacker could exploit this vulnerability by providing specially crafted inputs using the IBM1390 or IBM1399 character sets to the `iconv()` function. This could lead to an assertion failure, causing the application to crash and resulting in a Denial of Service (DoS).", "issued": "2026-03-30T17:16:11Z", "links": "https://access.redhat.com/security/cve/CVE-2026-4046 https://bugzilla.redhat.com/show_bug.cgi?id=2453117 https://www.cve.org/CVERecord?id=CVE-2026-4046 https://nvd.nist.gov/vuln/detail/CVE-2026-4046 https://packages.fedoraproject.org/pkgs/glibc/glibc-gconv-extra/ https://sourceware.org/bugzilla/show_bug.cgi?id=33980 https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0007;hb=HEAD https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-4046.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "uEggs7thHCRp4eZu5EDH0A==": { "id": "uEggs7thHCRp4eZu5EDH0A==", "updater": "rhel-vex", "name": "CVE-2026-27171", "description": "A flaw was found in zlib. An attacker providing specially crafted input to the `crc32_combine64` or `crc32_combine_gen64` functions could trigger an infinite loop within the `x2nmodp` function. This leads to excessive CPU consumption, which can result in a Denial of Service (DoS) for the affected system.", "issued": "2026-02-18T02:36:19Z", "links": "https://access.redhat.com/security/cve/CVE-2026-27171 https://bugzilla.redhat.com/show_bug.cgi?id=2440530 https://www.cve.org/CVERecord?id=CVE-2026-27171 https://nvd.nist.gov/vuln/detail/CVE-2026-27171 https://7asecurity.com/blog/2026/02/zlib-7asecurity-audit/ https://7asecurity.com/reports/pentest-report-zlib-RC1.1.pdf https://github.com/madler/zlib/issues/904 https://github.com/madler/zlib/releases/tag/v1.3.2 https://ostif.org/zlib-audit-complete/ https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-27171.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "zlib", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "uxd8tIEkk+r2hWTEgvyv8w==": { "id": "uxd8tIEkk+r2hWTEgvyv8w==", "updater": "rhel-vex", "name": "CVE-2019-9936", "description": "In SQLite 3.27.2, running fts5 prefix queries inside a transaction could trigger a heap-based buffer over-read in fts5HashEntrySort in sqlite3.c, which may lead to an information leak. This is related to ext/fts5/fts5_hash.c.", "issued": "2019-03-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2019-9936 https://bugzilla.redhat.com/show_bug.cgi?id=1692365 https://www.cve.org/CVERecord?id=CVE-2019-9936 https://nvd.nist.gov/vuln/detail/CVE-2019-9936 https://security.access.redhat.com/data/csaf/v2/vex/2019/cve-2019-9936.json", "severity": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "sqlite", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "v1exQXePimNPt3tveLBP9g==": { "id": "v1exQXePimNPt3tveLBP9g==", "updater": "rhel-vex", "name": "CVE-2026-1965", "description": "A flaw was found in curl. When an application uses libcurl to make multiple Negotiate-authenticated HTTP or HTTPS requests to the same server with different credentials, libcurl may incorrectly reuse an existing connection. This logical error can cause a subsequent request to be sent using the authentication of a previous user, leading to an authentication bypass.", "issued": "2026-03-11T10:08:52Z", "links": "https://access.redhat.com/security/cve/CVE-2026-1965 https://bugzilla.redhat.com/show_bug.cgi?id=2446448 https://www.cve.org/CVERecord?id=CVE-2026-1965 https://nvd.nist.gov/vuln/detail/CVE-2026-1965 https://curl.se/docs/CVE-2026-1965.html https://curl.se/docs/CVE-2026-1965.json https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-1965.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "curl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "vTJZ/R8pdcyDbwAwRi8cBw==": { "id": "vTJZ/R8pdcyDbwAwRi8cBw==", "updater": "rhel-vex", "name": "CVE-2025-15079", "description": "A flaw was found in curl. When performing SSH-based transfers using SCP or SFTP, libcurl could mistakenly connect to hosts not listed in the user-specified knownhosts file. This occurs if the host is present in the libssh global knownhosts file, effectively bypassing the intended host verification. This could allow a remote attacker to connect to an untrusted host, potentially leading to information disclosure or man-in-the-middle attacks.", "issued": "2026-01-07T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-15079 https://bugzilla.redhat.com/show_bug.cgi?id=2426409 https://www.cve.org/CVERecord?id=CVE-2025-15079 https://nvd.nist.gov/vuln/detail/CVE-2025-15079 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-15079.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "curl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "vx2N2RZTm7neux8kVlqgEg==": { "id": "vx2N2RZTm7neux8kVlqgEg==", "updater": "rhel-vex", "name": "CVE-2026-5704", "description": "A flaw was found in tar. A remote attacker could exploit this vulnerability by crafting a malicious archive, leading to hidden file injection with fully attacker-controlled content. This bypasses pre-extraction inspection mechanisms, potentially allowing an attacker to introduce malicious files onto a system without detection.", "issued": "2026-04-06T13:36:20Z", "links": "https://access.redhat.com/security/cve/CVE-2026-5704 https://bugzilla.redhat.com/show_bug.cgi?id=2455360 https://www.cve.org/CVERecord?id=CVE-2026-5704 https://nvd.nist.gov/vuln/detail/CVE-2026-5704 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-5704.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "tar", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "wbBiCPikq6Iz02EPsysTgA==": { "id": "wbBiCPikq6Iz02EPsysTgA==", "updater": "rhel-vex", "name": "CVE-2025-14017", "description": "A flaw was found in curl. When performing multi-threaded LDAPS (Lightweight Directory Access Protocol Secure) transfers, changes to Transport Layer Security (TLS) options in one thread could inadvertently apply globally, affecting other concurrent transfers. This could lead to unintended security posture changes, such as disabling certificate verification for other threads. This vulnerability can result in a security bypass, where expected security checks are not performed.", "issued": "2026-01-08T10:07:05Z", "links": "https://access.redhat.com/security/cve/CVE-2025-14017 https://bugzilla.redhat.com/show_bug.cgi?id=2427870 https://www.cve.org/CVERecord?id=CVE-2025-14017 https://nvd.nist.gov/vuln/detail/CVE-2025-14017 https://curl.se/docs/CVE-2025-14017.html https://curl.se/docs/CVE-2025-14017.json https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-14017.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "curl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "wxS+u/uf8o4sT9iSccXQwA==": { "id": "wxS+u/uf8o4sT9iSccXQwA==", "updater": "rhel-vex", "name": "CVE-2026-4426", "description": "A flaw was found in libarchive. An Undefined Behavior vulnerability exists in the zisofs decompression logic, caused by improper validation of a field (`pz_log2_bs`) read from ISO9660 Rock Ridge extensions. A remote attacker can exploit this by supplying a specially crafted ISO file. This can lead to incorrect memory allocation and potential application crashes, resulting in a denial-of-service (DoS) condition.", "issued": "2026-03-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-4426 https://bugzilla.redhat.com/show_bug.cgi?id=2449010 https://www.cve.org/CVERecord?id=CVE-2026-4426 https://nvd.nist.gov/vuln/detail/CVE-2026-4426 https://github.com/libarchive/libarchive/pull/2897 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-4426.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libarchive", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "xCUiEQAH1lfhrKtUxQDIYA==": { "id": "xCUiEQAH1lfhrKtUxQDIYA==", "updater": "rhel-vex", "name": "CVE-2021-39537", "description": "A heap overflow vulnerability has been identified in the ncurses package, particularly in the \"tic\". This flaw results from a lack of proper bounds checking during input processing. By exploiting this boundary error, an attacker can create a malicious file, deceive the victim into opening it using the affected software, and initiate an out-of-bounds write, potentially impacting system availability.", "issued": "2020-08-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-39537 https://bugzilla.redhat.com/show_bug.cgi?id=2006978 https://www.cve.org/CVERecord?id=CVE-2021-39537 https://nvd.nist.gov/vuln/detail/CVE-2021-39537 https://lists.gnu.org/archive/html/bug-ncurses/2020-08/msg00006.html https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-39537.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "ncurses", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "xKLQGv5zNwcnWtQQKiO3Ww==": { "id": "xKLQGv5zNwcnWtQQKiO3Ww==", "updater": "rhel-vex", "name": "CVE-2026-25645", "description": "A flaw was found in the `requests` HTTP library, specifically in the `requests.utils.extract_zipped_paths()` function, which is used to load Certificate Authority (CA) bundles. A local attacker can exploit this vulnerability by pre-creating a malicious CA bundle file in the system's temporary directory. When a vulnerable application initializes the `requests` library, it may load this malicious file instead of the legitimate CA bundle, leading to a bypass of security controls and potential integrity compromise.", "issued": "2026-03-25T17:02:48Z", "links": "https://access.redhat.com/security/cve/CVE-2026-25645 https://bugzilla.redhat.com/show_bug.cgi?id=2451408 https://www.cve.org/CVERecord?id=CVE-2026-25645 https://nvd.nist.gov/vuln/detail/CVE-2026-25645 https://github.com/psf/requests/commit/66d21cb07bd6255b1280291c4fafb71803cdb3b7 https://github.com/psf/requests/releases/tag/v2.33.0 https://github.com/psf/requests/security/advisories/GHSA-gc5v-m9x4-r6x2 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-25645.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python-pip", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "xLIujTim86EomaRofe4tDg==": { "id": "xLIujTim86EomaRofe4tDg==", "updater": "rhel-vex", "name": "CVE-2023-32611", "description": "A flaw was found in GLib. GVariant deserialization is vulnerable to a slowdown issue where a crafted GVariant can cause excessive processing, leading to denial of service.", "issued": "2022-12-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-32611 https://bugzilla.redhat.com/show_bug.cgi?id=2211829 https://www.cve.org/CVERecord?id=CVE-2023-32611 https://nvd.nist.gov/vuln/detail/CVE-2023-32611 https://gitlab.gnome.org/GNOME/glib/-/issues/2797 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-32611.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "glib2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "xjRJnKlNaH/FGi0NN5VKBQ==": { "id": "xjRJnKlNaH/FGi0NN5VKBQ==", "updater": "rhel-vex", "name": "CVE-2026-0992", "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated \u003cnextCatalog\u003e elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", "issued": "2026-01-15T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-0992 https://bugzilla.redhat.com/show_bug.cgi?id=2429975 https://www.cve.org/CVERecord?id=CVE-2026-0992 https://nvd.nist.gov/vuln/detail/CVE-2026-0992 https://gitlab.gnome.org/GNOME/libxml2/-/issues/1019 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-0992.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libxml2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "yrec5aYK5L1Cn+46ZF7wbw==": { "id": "yrec5aYK5L1Cn+46ZF7wbw==", "updater": "rhel-vex", "name": "CVE-2026-6253", "description": "A flaw was found in curl. When curl is configured to use distinct proxies for different URL schemes, a redirect from a URL using an authenticated proxy to one using an unauthenticated proxy can inadvertently expose the initial proxy's credentials. This improper credential management (CWE-522) may allow an attacker to gain unauthorized access or information by intercepting these disclosed credentials.", "issued": "2026-04-29T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-6253 https://bugzilla.redhat.com/show_bug.cgi?id=2461202 https://www.cve.org/CVERecord?id=CVE-2026-6253 https://nvd.nist.gov/vuln/detail/CVE-2026-6253 https://curl.se/docs/CVE-2026-6253.html https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-6253.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "curl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "yuFlxOGqQlDuMCywIIELNw==": { "id": "yuFlxOGqQlDuMCywIIELNw==", "updater": "rhel-vex", "name": "CVE-2025-30258", "description": "A flaw was found in GnuPG. In affected versions, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, leading to a verification denial of service.", "issued": "2025-03-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-30258 https://bugzilla.redhat.com/show_bug.cgi?id=2353427 https://www.cve.org/CVERecord?id=CVE-2025-30258 https://nvd.nist.gov/vuln/detail/CVE-2025-30258 https://dev.gnupg.org/T7527 https://dev.gnupg.org/rG48978ccb4e20866472ef18436a32744350a65158 https://lists.gnupg.org/pipermail/gnupg-announce/2025q1/000491.html https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-30258.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "gnupg2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "zIdEM/kGXg+rxyZW+kVVlw==": { "id": "zIdEM/kGXg+rxyZW+kVVlw==", "updater": "rhel-vex", "name": "CVE-2026-3833", "description": "A flaw was found in gnutls. This vulnerability occurs because gnutls performs case-sensitive comparisons of `nameConstraints` labels, specifically for `dNSName` (DNS) or `rfc822Name` (email) constraints within `excludedSubtrees` or `permittedSubtrees`. A remote attacker can exploit this by crafting a leaf certificate with casing differences in the Subject Alternative Name (SAN), leading to a policy bypass where a certificate that should be rejected is instead accepted. This could result in unauthorized access or information disclosure.", "issued": "2026-04-30T17:26:28Z", "links": "https://access.redhat.com/security/cve/CVE-2026-3833 https://bugzilla.redhat.com/show_bug.cgi?id=2445763 https://www.cve.org/CVERecord?id=CVE-2026-3833 https://nvd.nist.gov/vuln/detail/CVE-2026-3833 https://gitlab.com/gnutls/gnutls/-/issues/1803 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-3833.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "gnutls", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" } }, "package_vulnerabilities": { "+hvIC0Et/RtHi7EAFCmfEw==": [ "MRnBR1NwPejsF0F/Po53Ew==", "O6eQrDqYe8zCvECWFMIzFQ==" ], "+qrxjVH7Im8eBfrz4h4P/w==": [ "Zp9+pixFuNBueE2yO610gQ==" ], "4ZgMXaHDWnwPnqKlcJzEIw==": [ "Elb2DrZLO9/IaIc7rSPVUg==", "raKuHZN4AggeEUt0ItIq1Q==" ], "4flTdmUV4iK1Ax+LXJm8qQ==": [ "QwBnC+2unbl7BaURui6Tng==", "OGfYu06hscS+jx5HR8e1UQ==", "n+SYCf6UN4VyD5OPJagpTA==", "zIdEM/kGXg+rxyZW+kVVlw==", "fvGjL9hw9hDQockMTb7lrA==" ], "4mBaAtvqw4Xnt3KyHa6xnQ==": [ "Te9j1HGn7feNCE/Fduu0+A==", "VPoF+qCqaQ4y2sVl2255/g==", "cW+DgNrGAeRAwNB4wrDZhw==", "VP8+3bQwNwMNm6AhYTNJBQ==", "s1kzjy+cDztHEcgHrl7kHQ==", "6p6EeZQEuYkK2CtO4ey3Ag==", "m8ueKfgkaYIYTU+xtIQcwA==", "I31WPu2ZGWOsqloSJfE2Fg==", "ZdcpNqfrXAb14fwUEQLWGQ==", "29qrZyz+fmdn9Nzjpl2/Pg==", "8TgjbHNGzIFm7/fF9DBU7Q==", "YoCxZvEp16Bt9LDv+Ficeg==", "FkRDB0vpJYeh2ipqLS0/Iw==", "OTZM0RD60ajdSeEqWGkkTw==", "B5eXEM8SeidgdpzXoFJFGQ==", "1vG4ZYIu07BTj9XJ+a+P9Q==" ], "7eg89eCgA75bJ7WhhN/T4Q==": [ "hkP7fdNBNcMv5alTtw0c+Q==", "eqoqeJN8gMUINJLH2PXP7g==" ], "9uhqFNTCJ7/bpzSlc7qCaQ==": [ "t4oe6DBPNf5Ikk93RfTdig==", "fXpWtuXNPi3tb2edhk37bw==", "Zp5q2R9PHTn/pmrn158k9A==", "5e3gC+KDeb36jTLxBYtijg==" ], "ACY3djwkey7ZIXbd0V+Giw==": [ "L7QbkTbsy8v3tMfOqNsVKQ==", "+nHq7dak7Hkjcru/xpwzhQ==" ], "AIs6pmCup5N9+6Ag6e2/og==": [ "PcNbuWOo0ahqjfbOQhXvvQ==", "LWLSX4FCLbzYWK97i5Or+A==", "rVgBV65FWtFg3jitEqotFA==", "BV++s35Ur4bQRS6HK0QCIA==", "tlWVK61iOpKPkvmeShS9AQ==", "gagftKXuSuh9pi4dRu9yPQ==", "qv1CBAIhzNsoWe8hSWlF1g==", "86unVXyTxdffdcXWZTYw5g==", "VLzwKVDYC7fQrtcpCzjXjA==", "rEd6JdG2xx5NZ9bcsFRNpw==", "8D3i4K1ylUr5dGk9imV9zA==", "ZkEez7f24VNVhTaTCDhuEg==", "rCI1GSL47zJlliQotxXM4Q==", "QUtTYJuHdkAOgtveagWUfA==", "Fp999hDC/lucBsNHwOlp/A==", "OpUahpCA4oBceG962KxTMA==", "QcOTYeOedG0AUhPSakMpIA==", "97PwDrD8knMveLXwKCvQjA==", "OLKvdPVgT9/lPcflJTxE3Q==", "WcChSpNAL6V9Xfxc9AqW7g==", "6FQUI3OxX4C5skWXKgq80Q==", "UPzTyNn8ZLXlb+bwRFPPTA==" ], "AuC6XQzcU/5tB4luIfjLFg==": [ "HTk+AAyRWNCrZTtBLx34Aw==" ], "AziZ1oGI+oDXVPzldKNj+w==": [ "3O4IzHXnRQMZXCe1gYATvw==" ], "BPsD0kkdIoK3KQUZ5DpJjw==": [ "ZvX4VR3jvMBd1Wq+RxNTgg==" ], "CP6fmHsRon29d9dGmAC8yQ==": [ "L7QbkTbsy8v3tMfOqNsVKQ==", "+nHq7dak7Hkjcru/xpwzhQ==" ], "DV119Dw0W4RdsbJkdoHU9w==": [ "fayrPya6DVXP9weWvA6obQ==", "8KJb4x3mXgChaQULEsid2A==", "dYucp/SettSQd/Hpukj6pA==", "0v/g0Z/XEXV13r48i52JgA==", "pjb5LKdJAfqIzj4N6YBwUQ==", "v1exQXePimNPt3tveLBP9g==", "crmilTSJ/pTSPBKY9EJmZg==", "wbBiCPikq6Iz02EPsysTgA==", "4JszZEguo/SAFbgp6PdKMQ==", "ho4M6//kfDyE5kZ9fbpV0g==", "Pe4IHqZpuBtuSkrgd2HMEg==", "Znm2hdK/FULQhTTGTVX59Q==", "fT6cIVRM+743nfHJKo4yuQ==", "yrec5aYK5L1Cn+46ZF7wbw==", "2U6d1qsPVwS8vUnflv9AcQ==", "qXNASosSuCsudML1MqXPjw==", "TuBnhFrkwMqIcYtYYgNGNQ==", "vTJZ/R8pdcyDbwAwRi8cBw==", "rfyVleP0iFAaKAccoWyLNQ==" ], "DgyhtZBcSIlVmY6xC8s1mA==": [ "j1KIfSLRyAo+5FqbDzJbtg==" ], "Dmgfuk4/ZGW2Pjrf3pzOwg==": [ "L7QbkTbsy8v3tMfOqNsVKQ==", "+nHq7dak7Hkjcru/xpwzhQ==" ], "FS5/DAbDsXWURU9onlACPA==": [ "Q5xJp4zJ1MCYcYbDi9qrdQ==" ], "J34PJ2GThOWZuKVgFIoieA==": [ "uEggs7thHCRp4eZu5EDH0A==" ], "KYSXsdsObSOPb3/iOOdbDw==": [ "L7QbkTbsy8v3tMfOqNsVKQ==", "+nHq7dak7Hkjcru/xpwzhQ==" ], "LXiVkIlXLq/usMYIwCTH8Q==": [ "WGvgNwrW2u5APZcidQ6v1Q==" ], "LkoLKEri5dIAb0vFMkSOag==": [ "cqYWiTibDLM7aibErMKang==", "J5qRb3W5uqqCGngAp6UZrg==", "Cz+nwSXEXv91W0XvZNqCqw==", "u7b5r2PfK9a1QyjBR1cFRw==", "qS+8YNw5cEHn5bXG24Qmgg==", "6Cqvzp5JbuVfHsuYnIJNFw==" ], "MA5xnJmwv4AJZhc2768UiA==": [ "G7IyfoPhe9f8QzIGbOfn7Q==", "92KuvWwbPhsQNPu0knrHAQ==", "HdAyLUATPStr/HXiy9fgQw==", "TLOrmSYL76Du+GI4WD9gMQ==", "619DQiII/+IW12e6tmtrxw==", "RXjd5U95osIGXnqCa34Jkg==", "7Puka2o1jq4jSr2Hekrfhg==", "xjRJnKlNaH/FGi0NN5VKBQ==", "EiJx6rOT8KoLX+Wu7/N6HQ==" ], "N1RbIRo2SyHosQefv+skDw==": [ "UbmdE2pHXRFccv8l1e02Jw==" ], "N3ZaMrNJKoumMpaY0smlMQ==": [ "9zRC9UwUH2bQs1UcHQ5UTQ==", "8ZxbhBIT+9Mj99/XbMpLSQ==", "uxd8tIEkk+r2hWTEgvyv8w==", "tnBbKyfWYMq7GMqd8UCfIw==", "5B1tQ2BK8z/YjRkYcvwqag==" ], "NguWV8S6YQYvQsGQDJm2Rg==": [ "SHxE0qXbBmDEp/LL1ieJeA==", "HuOxI+pWjgGV0XsBvltzlg==", "VsocCwaFpF6PzdX5PxR+sQ==", "jw1ZiDut5Ot+DyVFjCrixg==", "S7qx7a03HASsJhyQafvXjg==", "rEg00U8+//igCt+0+QBUhA==", "xCUiEQAH1lfhrKtUxQDIYA==", "ZTGiJlkqcqrCLJSY/Sq8lA==", "673FKazcUiydbfN5c6amaw==" ], "ORsDK2A5479NPB0r01PoXQ==": [ "fayrPya6DVXP9weWvA6obQ==", "8KJb4x3mXgChaQULEsid2A==", "dYucp/SettSQd/Hpukj6pA==", "0v/g0Z/XEXV13r48i52JgA==", "pjb5LKdJAfqIzj4N6YBwUQ==", "v1exQXePimNPt3tveLBP9g==", "crmilTSJ/pTSPBKY9EJmZg==", "wbBiCPikq6Iz02EPsysTgA==", "4JszZEguo/SAFbgp6PdKMQ==", "ho4M6//kfDyE5kZ9fbpV0g==", "Pe4IHqZpuBtuSkrgd2HMEg==", "Znm2hdK/FULQhTTGTVX59Q==", "fT6cIVRM+743nfHJKo4yuQ==", "yrec5aYK5L1Cn+46ZF7wbw==", "2U6d1qsPVwS8vUnflv9AcQ==", "qXNASosSuCsudML1MqXPjw==", "TuBnhFrkwMqIcYtYYgNGNQ==", "vTJZ/R8pdcyDbwAwRi8cBw==", "rfyVleP0iFAaKAccoWyLNQ==" ], "P5UTXxqhA6R98OWY7h85rQ==": [ "DDWmqlxBSfXi2KJJ5mwTNg==", "OPNDKUsVLJt2v1gO1zvkBA==", "XygysGe2kdlyCRQHM1fu3w==", "klCkJxhhNVG564GOUQMh+Q==", "EQ4eP3gKo3y8JsWUiWr6+g==", "wxS+u/uf8o4sT9iSccXQwA==", "4/mftydHpy90Umw3G0mTuQ==", "8Sec+JvKiQWGqYCOBdZhjg==", "YiJlkUTKf0/7+ORZMmQ2cw==", "HNpGGr9eP5twQKC3yCh1mA==", "O8fIVXqcGshIonMWsEH9gA==", "AE8Cp1u8I9t52OYW7oGU4w==" ], "PYGQE1Mr52aqIP4tEB4VSw==": [ "L7QbkTbsy8v3tMfOqNsVKQ==", "+nHq7dak7Hkjcru/xpwzhQ==" ], "Q0uPb/t/3IQ8GEwlv/J3Cw==": [ "WGvgNwrW2u5APZcidQ6v1Q==" ], "QC6e3OaV78mjs678tGU2KQ==": [ "H9Ud41wofJc/QlL6Rm7WkA==", "avzu5SRbIjcduH4QdmZ1gg==", "ruDQdx7OmIsgMCpioWbqOQ==", "XbpXfbeApuDuIKvY0/qWiA==", "UUIKm7f4jyfDWGKvptUQ8Q==", "Rfm1tD+QxSP/TVjKFDNabg==", "npQpPXYG8xMJ1LRSVSnKGA==", "Wp4+QBQm4nhI8rQxVklEXw==", "KCgCqCavM9U0xL+GHJqzSg==", "OgFGrvrnAoXXvapnatTrxQ==" ], "U3ZkYu9FoEzQITrVBlQtLA==": [ "cqYWiTibDLM7aibErMKang==", "J5qRb3W5uqqCGngAp6UZrg==", "Cz+nwSXEXv91W0XvZNqCqw==", "u7b5r2PfK9a1QyjBR1cFRw==", "qS+8YNw5cEHn5bXG24Qmgg==", "6Cqvzp5JbuVfHsuYnIJNFw==" ], "UUZyda9G/ffvF6rJ5W1UnQ==": [ "mouoWVvs12H8FynnB5qIsQ==", "sRVcQFAdq4Ll42smqacaCw==", "ieASPdYzGxWke8nZZhE02Q==" ], "Vax934M9zGbzjdT3Y/XU9w==": [ "cqYWiTibDLM7aibErMKang==", "J5qRb3W5uqqCGngAp6UZrg==", "Cz+nwSXEXv91W0XvZNqCqw==", "u7b5r2PfK9a1QyjBR1cFRw==", "qS+8YNw5cEHn5bXG24Qmgg==", "6Cqvzp5JbuVfHsuYnIJNFw==" ], "YjDcGmvP0/z8VqRiUvkhOQ==": [ "W/d4trZ7jb2yxjrq4cNOWA==", "0nQ3GJDLY22M176Z5ESg6A==", "sThg2GGoKqa1RTJ5skEJTA==", "yuFlxOGqQlDuMCywIIELNw==" ], "auI8KtI6OozP7EAIr9UlQQ==": [ "icj6a8bc4dYK/DJNvkU0+A==" ], "bWUdPEYmtshwdmuX5VapfQ==": [ "WGvgNwrW2u5APZcidQ6v1Q==" ], "f/Al/eNlUhjEgKSV0J2z7w==": [ "gaFOKxy9D9KR/Iyd+kDZoA==", "QSNBg/XspHcBwSxBTMU4rg==", "xKLQGv5zNwcnWtQQKiO3Ww==", "8I2jFG8JRR+6+eqqYlXhAg==", "HuLJLN6ajygY/CpLyzV5lw==" ], "h53SWWmMQUh4cLyBmYeNvw==": [ "teoauN/Djw6odXikmjP4Lw==", "A1UDSDMkPKOSx7ma/geQyg==", "Rw8DyDlyRHRJOeZaAbGMRA==", "kYYDrncBncmKkmFnSd5t3w==", "7lnphmrb/VojuhlikpNO5w==", "9jHXNtwzqlOir/Op7pd9+w==", "Bgew407C4GMDdNe8dNeN7w==", "sExC9WXn4M01POjg0haQrA==", "MW3KGjkk7BWuR5JCc6cywg==" ], "hSTTMcRX1DBcXc+8jKeg3Q==": [ "mouoWVvs12H8FynnB5qIsQ==", "sRVcQFAdq4Ll42smqacaCw==", "ieASPdYzGxWke8nZZhE02Q==" ], "iKjky3d+XDnwdlXfvLvp/A==": [ "ZlxfTVb/4bi6yWQ+JLaOnw==", "0QzoXQSqkKieJ7Oc+px0JA==", "HB9r/GLycEmk6aXttwtBlw==", "h6rS2s3xilGaG0a+pIjl8A==", "L3k0cIIlkMGQFiWnZm8Mlg==", "sGwL9v57mGx7f18qBkIacA==", "cCowLuOsLfTMmPFOoqUVww==", "nYtstWEUOCTbjAlmYOKURA==", "8qOJVWAut1+UqTXPOWH12g==", "OFdQC3/0S5rItoyqpACTFw==", "2U8ppg+02PjFDuM5YqFstQ==", "6Xr5PbPGSy+aHLDQ9q4L9w==", "5ZHvcDYhgzWjwNpRgF2u1w==", "nhJPQpDYg9We/U8oBJw4JQ==", "mRazAXjBcgFrTolNDZHDsA==", "8rvqTFlh9aOz4UvxQN0SBQ==", "RVCidRUm4D1IKoPhoUi2AA==", "IItHEdPWz5fl9O7ZhzjDAA==", "XXiaw1EwhFkuilI94EKiqQ==", "HKrLnQyTw1292mNt3MQ0aQ==" ], "isPl2YxnCTfcLmUYH6Q0sA==": [ "WGvgNwrW2u5APZcidQ6v1Q==" ], "j5YRt82iOHry4ndSyCLgaA==": [ "eCNdMtt9JN2Rrb8I23NIsA==", "0WTD6ZUY2Zj2w0R3oyPWRw==", "9oBjtBiHtz7+Hwc4swPaAw==", "K3eafQ/8P8PEZ3BPWZfCgg==", "kCsMurCi7F77HxJoLqd9jA==", "9ZCmRufeuC0TKSSi9pcU6g==", "3IgZDz5UYkhu/U1/4kSWKg==", "/1CYFiexnJcM7p4YrI/FVg==", "RdjNn4dAdZKcn6VS95a/SQ==", "UyCjBcpeB0nhkRTVhUcAJQ==" ], "k/BpvWmZ5EVfmiPqpZ3pGw==": [ "LTmcTrhW8bJGvJXJVPjm/g==", "tYeLT/YUKIk7yaK07WvPeA==", "qC/lM94bJkHuTCcx6Z47mQ==", "KExChYIaW0MvXNLWbjS/Hw==", "RYqFgDYIttLgJc8B82sK/w==", "Lt2Hg7sVYgz0GD7ldFmjjA==" ], "k4gCNgIfg7MM/e42ThRx2w==": [ "AZQ9MHTiNLYiRU7sYZlVGw==", "n83jaRl/T6kiaoMyWtX8xw==" ], "kwc9NYOQig+qWs5qmBRL/w==": [ "SHxE0qXbBmDEp/LL1ieJeA==", "HuOxI+pWjgGV0XsBvltzlg==", "VsocCwaFpF6PzdX5PxR+sQ==", "jw1ZiDut5Ot+DyVFjCrixg==", "S7qx7a03HASsJhyQafvXjg==", "rEg00U8+//igCt+0+QBUhA==", "xCUiEQAH1lfhrKtUxQDIYA==", "ZTGiJlkqcqrCLJSY/Sq8lA==", "673FKazcUiydbfN5c6amaw==" ], "lU0MYRg2dg5wynl2dMGsgA==": [ "hfBpyVezkUAf98QWnlvzIA==" ], "mtrWxjnWyzrIFOuHVeUG6g==": [ "W/DMqBRMDYVkVH3D67luGg==", "vx2N2RZTm7neux8kVlqgEg==", "UMD4nV1Ky5C5eKUMgtnKzw==", "9uK7ZDYgFtqP786n0QunAg==", "UoEFDYM+Gqf2mdRJh5HUFw==", "8rxYDEPu2XxazQ3cBUhX0Q==", "XBiy/XVR6SoThCkYUmkD1g==" ], "oSDtB9GflLljTYeOAikyIQ==": [ "xLIujTim86EomaRofe4tDg==", "0fCtWwB6iclgRvIA+IqiJQ==", "EiL50P2QSOoRA18XAAH6Pg==", "EKs36DFwHVCzU/cF0Be9pQ==", "ElIjMFAz33tt/XVMysRkdA==", "ngbKDtxhn33NKWC2lhOQNQ==", "p2qAiuM4AsdQ5J4fBWvbBA==", "npBrFSWnZYxq9cizdfDfCQ==", "Oi3Y6I7JDcoQrQyH+jMXWw==", "jguV9kU5iHC5V/cF3+b/tg==", "iEGZHZXt8HWPSM5eJesddQ==", "KaROgE0QmtiOixMG9Wi1RA==" ], "oUYls//IDfQ4QSLGKlUoZg==": [ "t3XJyztcU9aOXTMLI8NRmA==", "a067YUjLHWzR99JNl/RtGQ==", "H2CablNBrQ/I5AsUjk5xyw==", "1lUHOMB3ANHGWpqCBv9Ynw==", "BooDzA4nzaDI1l3E5zAHgg==" ], "peUaHHW4E9Y6Nd8+gJR5cQ==": [ "H9Ud41wofJc/QlL6Rm7WkA==", "avzu5SRbIjcduH4QdmZ1gg==", "ruDQdx7OmIsgMCpioWbqOQ==", "XbpXfbeApuDuIKvY0/qWiA==", "UUIKm7f4jyfDWGKvptUQ8Q==", "Rfm1tD+QxSP/TVjKFDNabg==", "npQpPXYG8xMJ1LRSVSnKGA==", "Wp4+QBQm4nhI8rQxVklEXw==", "KCgCqCavM9U0xL+GHJqzSg==", "OgFGrvrnAoXXvapnatTrxQ==" ], "wQNSAAyfpn1pixah4j5PmA==": [ "ZlxfTVb/4bi6yWQ+JLaOnw==", "0QzoXQSqkKieJ7Oc+px0JA==", "HB9r/GLycEmk6aXttwtBlw==", "h6rS2s3xilGaG0a+pIjl8A==", "L3k0cIIlkMGQFiWnZm8Mlg==", "sGwL9v57mGx7f18qBkIacA==", "cCowLuOsLfTMmPFOoqUVww==", "nYtstWEUOCTbjAlmYOKURA==", "8qOJVWAut1+UqTXPOWH12g==", "OFdQC3/0S5rItoyqpACTFw==", "2U8ppg+02PjFDuM5YqFstQ==", "6Xr5PbPGSy+aHLDQ9q4L9w==", "5ZHvcDYhgzWjwNpRgF2u1w==", "nhJPQpDYg9We/U8oBJw4JQ==", "mRazAXjBcgFrTolNDZHDsA==", "8rvqTFlh9aOz4UvxQN0SBQ==", "RVCidRUm4D1IKoPhoUi2AA==", "IItHEdPWz5fl9O7ZhzjDAA==", "XXiaw1EwhFkuilI94EKiqQ==", "HKrLnQyTw1292mNt3MQ0aQ==" ] }, "enrichments": {} } pod: test-comp-pac-gitlab-qtyrdoba31de6d0216cc144bfd92e301e6acd2-pod | container step-oci-attach-report: Selecting auth Using token for quay.io/redhat-appstudio-qe/gitlab-rep-ufob/test-comp-pac-gitlab-qtyrdo Attaching clair-report-amd64.json to quay.io/redhat-appstudio-qe/gitlab-rep-ufob/test-comp-pac-gitlab-qtyrdo@sha256:b2255fd43473d5b61b29553a14db1a28890ac8aad001a906235a753087d06007 Executing: oras attach --no-tty --format go-template={{.digest}} --registry-config /home/oras/auth.json --artifact-type application/vnd.redhat.clair-report+json quay.io/redhat-appstudio-qe/gitlab-rep-ufob/test-comp-pac-gitlab-qtyrdo@sha256:b2255fd43473d5b61b29553a14db1a28890ac8aad001a906235a753087d06007 clair-report-amd64.json:application/vnd.redhat.clair-report+json pod: test-comp-pac-gitlab-qtyrdoba31de6d0216cc144bfd92e301e6acd2-pod | container step-conftest-vulnerabilities: [ { "filename": "/tekton/home/clair-result-amd64.json", "namespace": "required_checks", "successes": 7, "warnings": [ { "msg": "Found packages with unpatched high vulnerabilities. These vulnerabilities don't have a known fix at this time.", "metadata": { "details": { "description": "Vulnerabilities found: krb5-libs-1.18.2-32.el8_10 (CVE-2026-40356), gnutls-3.6.16-8.el8_10.5 (CVE-2026-33845, CVE-2026-33846), java-17-openjdk-headless-1:17.0.19.0.10-1.el8 (CVE-2025-66293, CVE-2026-22020, CVE-2026-25646, CVE-2026-26740)", "name": "clair_unpatched_high_vulnerabilities", "url": "https://access.redhat.com/articles/red_hat_vulnerability_tutorial" }, "vulnerabilities_number": 7 } }, { "msg": "Found packages with unpatched medium vulnerabilities. These vulnerabilities don't have a known fix at this time.", "metadata": { "details": { "description": "Vulnerabilities found: libuuid-2.32.1-48.el8_10 (CVE-2026-27456), openldap-2.4.46-21.el8_10 (CVE-2026-22185), systemd-libs-239-82.el8_10.16 (CVE-2018-20839, CVE-2025-4598, CVE-2026-29111, CVE-2026-4105), glibc-common-2.28-251.el8_10.31 (CVE-2026-4046, CVE-2026-4437, CVE-2026-5435, CVE-2026-5450, CVE-2026-5928), cups-libs-1:2.2.6-67.el8_10 (CVE-2023-4504, CVE-2026-27447, CVE-2026-34978, CVE-2026-34979, CVE-2026-34980, CVE-2026-34990, CVE-2026-39314, CVE-2026-39316), glibc-minimal-langpack-2.28-251.el8_10.31 (CVE-2026-4046, CVE-2026-4437, CVE-2026-5435, CVE-2026-5450, CVE-2026-5928), python3-pip-wheel-9.0.3-24.el8 (CVE-2023-45803, CVE-2025-50181, CVE-2025-50182, CVE-2026-25645), gnupg2-2.2.20-4.el8_10 (CVE-2025-68972), libmount-2.32.1-48.el8_10 (CVE-2026-27456), krb5-libs-1.18.2-32.el8_10 (CVE-2026-40355), xz-libs-5.2.4-4.el8_6 (CVE-2026-34743), openssl-libs-1:1.1.1k-15.el8_6 (CVE-2023-0466, CVE-2026-28390), file-libs-5.33-27.el8_10 (CVE-2019-8905), libssh-config-0.9.6-16.el8_10 (CVE-2025-5351, CVE-2025-8114, CVE-2026-0964, CVE-2026-0966, CVE-2026-3731), libgcrypt-1.8.5-7.el8_6 (CVE-2019-12904, CVE-2024-2236, CVE-2026-41989), coreutils-single-8.30-17.el8_10 (CVE-2025-5278), expat-2.5.0-1.el8_10 (CVE-2026-32776, CVE-2026-32777, CVE-2026-32778), libxml2-2.9.7-21.el8_10.4 (CVE-2026-0990, CVE-2026-1757, CVE-2026-6732), libssh-0.9.6-16.el8_10 (CVE-2025-5351, CVE-2025-8114, CVE-2026-0964, CVE-2026-0966, CVE-2026-3731), python3-libs-3.6.8-76.el8_10 (CVE-2025-11468, CVE-2025-12781, CVE-2025-13837, CVE-2025-15282, CVE-2025-4516, CVE-2025-6069, CVE-2025-8291, CVE-2026-0672, CVE-2026-1502, CVE-2026-3644, CVE-2026-4224, CVE-2026-5713, CVE-2026-6019), alsa-lib-1.2.10-2.el8 (CVE-2026-25068), platform-python-3.6.8-76.el8_10 (CVE-2025-11468, CVE-2025-12781, CVE-2025-13837, CVE-2025-15282, CVE-2025-4516, CVE-2025-6069, CVE-2025-8291, CVE-2026-0672, CVE-2026-1502, CVE-2026-3644, CVE-2026-4224, CVE-2026-5713, CVE-2026-6019), gnutls-3.6.16-8.el8_10.5 (CVE-2026-3833), tar-2:1.30-11.el8_10 (CVE-2025-45582, CVE-2025-64118, CVE-2026-33056, CVE-2026-5704), libzstd-1.4.4-1.el8 (CVE-2022-4899), libsmartcols-2.32.1-48.el8_10 (CVE-2026-27456), libcurl-7.61.1-34.el8_10.11 (CVE-2025-13034, CVE-2025-14017, CVE-2026-1965, CVE-2026-3783, CVE-2026-3784, CVE-2026-3805, CVE-2026-4873, CVE-2026-5545, CVE-2026-5773, CVE-2026-6253, CVE-2026-6429), glib2-2.56.4-168.el8_10 (CVE-2025-14087, CVE-2025-14512, CVE-2026-1484, CVE-2026-1489), curl-7.61.1-34.el8_10.11 (CVE-2025-13034, CVE-2025-14017, CVE-2026-1965, CVE-2026-3783, CVE-2026-3784, CVE-2026-3805, CVE-2026-4873, CVE-2026-5545, CVE-2026-5773, CVE-2026-6253, CVE-2026-6429), glibc-2.28-251.el8_10.31 (CVE-2026-4046, CVE-2026-4437, CVE-2026-5435, CVE-2026-5450, CVE-2026-5928), java-17-openjdk-headless-1:17.0.19.0.10-1.el8 (CVE-2025-28164, CVE-2025-64505, CVE-2025-64506, CVE-2026-22693, CVE-2026-22695, CVE-2026-22801, CVE-2026-33416, CVE-2026-33636, CVE-2026-34757, CVE-2026-41254), libblkid-2.32.1-48.el8_10 (CVE-2026-27456), avahi-libs-0.7-27.el8_10.1 (CVE-2024-52615, CVE-2024-52616, CVE-2025-59529, CVE-2025-68276, CVE-2025-68468, CVE-2025-68471, CVE-2026-24401, CVE-2026-34933), libarchive-3.3.3-7.el8_10 (CVE-2024-57970, CVE-2025-25724, CVE-2025-60753, CVE-2026-4426, CVE-2026-5745)", "name": "clair_unpatched_medium_vulnerabilities", "url": "https://access.redhat.com/articles/red_hat_vulnerability_tutorial" }, "vulnerabilities_number": 144 } }, { "msg": "Found packages with unpatched low/negligible vulnerabilities. These vulnerabilities don't have a known fix at this time.", "metadata": { "details": { "description": "Vulnerabilities found: systemd-libs-239-82.el8_10.16 (CVE-2021-3997), glibc-common-2.28-251.el8_10.31 (CVE-2026-4438), cups-libs-1:2.2.6-67.el8_10 (CVE-2021-25317, CVE-2026-41079), nss-3.112.0-8.el8_10 (CVE-2020-12413, CVE-2024-7531), glibc-minimal-langpack-2.28-251.el8_10.31 (CVE-2026-4438), python3-pip-wheel-9.0.3-24.el8 (CVE-2018-20225), zlib-1.2.11-25.el8 (CVE-2026-27171), gnupg2-2.2.20-4.el8_10 (CVE-2022-3219, CVE-2025-30258, CVE-2026-24883), ncurses-base-6.1-10.20180224.el8 (CVE-2018-19211, CVE-2020-19185, CVE-2020-19186, CVE-2020-19187, CVE-2020-19188, CVE-2020-19189, CVE-2020-19190, CVE-2021-39537, CVE-2023-50495), openssl-libs-1:1.1.1k-15.el8_6 (CVE-2023-0464, CVE-2023-0465, CVE-2023-2650, CVE-2024-0727, CVE-2024-13176, CVE-2024-2511, CVE-2024-41996, CVE-2024-4741, CVE-2025-15468, CVE-2025-15469, CVE-2025-68160, CVE-2025-69418, CVE-2025-69420, CVE-2025-69421, CVE-2026-22795, CVE-2026-22796, CVE-2026-2673, CVE-2026-28388, CVE-2026-28389, CVE-2026-31789), file-libs-5.33-27.el8_10 (CVE-2019-8906), libssh-config-0.9.6-16.el8_10 (CVE-2025-4878, CVE-2025-8277, CVE-2026-0965, CVE-2026-0967, CVE-2026-0968), nss-softokn-3.112.0-8.el8_10 (CVE-2020-12413, CVE-2024-7531), libgcrypt-1.8.5-7.el8_6 (CVE-2026-41990), dbus-libs-1:1.12.8-27.el8_10 (CVE-2020-35512), expat-2.5.0-1.el8_10 (CVE-2025-66382, CVE-2026-24515, CVE-2026-41080), libtasn1-4.13-5.el8_10 (CVE-2018-1000654, CVE-2025-13151), gawk-4.2.1-4.el8 (CVE-2023-4156), libxml2-2.9.7-21.el8_10.4 (CVE-2023-45322, CVE-2024-34459, CVE-2025-27113, CVE-2025-6170, CVE-2026-0989, CVE-2026-0992), libssh-0.9.6-16.el8_10 (CVE-2025-4878, CVE-2025-8277, CVE-2026-0965, CVE-2026-0967, CVE-2026-0968), sqlite-libs-3.26.0-20.el8_10 (CVE-2019-19244, CVE-2019-9936, CVE-2019-9937, CVE-2024-0232, CVE-2025-70873), python3-libs-3.6.8-76.el8_10 (CVE-2019-9674, CVE-2024-0397, CVE-2024-7592, CVE-2025-1795, CVE-2025-6075, CVE-2026-2297, CVE-2026-3479), shadow-utils-2:4.6-23.el8_10 (CVE-2024-56433), ncurses-libs-6.1-10.20180224.el8 (CVE-2018-19211, CVE-2020-19185, CVE-2020-19186, CVE-2020-19187, CVE-2020-19188, CVE-2020-19189, CVE-2020-19190, CVE-2021-39537, CVE-2023-50495), platform-python-3.6.8-76.el8_10 (CVE-2019-9674, CVE-2024-0397, CVE-2024-7592, CVE-2025-1795, CVE-2025-6075, CVE-2026-2297, CVE-2026-3479), gnutls-3.6.16-8.el8_10.5 (CVE-2021-4209, CVE-2026-3832), libstdc++-8.5.0-28.el8_10 (CVE-2018-20657, CVE-2019-14250, CVE-2022-27943), tar-2:1.30-11.el8_10 (CVE-2019-9923, CVE-2021-20193, CVE-2023-39804), libzstd-1.4.4-1.el8 (CVE-2021-24032), libcurl-7.61.1-34.el8_10.11 (CVE-2023-27534, CVE-2024-11053, CVE-2024-7264, CVE-2025-14524, CVE-2025-14819, CVE-2025-15079, CVE-2025-15224, CVE-2026-6276), nss-softokn-freebl-3.112.0-8.el8_10 (CVE-2020-12413, CVE-2024-7531), libgcc-8.5.0-28.el8_10 (CVE-2018-20657, CVE-2019-14250, CVE-2022-27943), glib2-2.56.4-168.el8_10 (CVE-2023-29499, CVE-2023-32611, CVE-2023-32636, CVE-2023-32665, CVE-2025-3360, CVE-2025-7039, CVE-2026-0988, CVE-2026-1485), curl-7.61.1-34.el8_10.11 (CVE-2023-27534, CVE-2024-11053, CVE-2024-7264, CVE-2025-14524, CVE-2025-14819, CVE-2025-15079, CVE-2025-15224, CVE-2026-6276), glibc-2.28-251.el8_10.31 (CVE-2026-4438), nss-sysinit-3.112.0-8.el8_10 (CVE-2020-12413, CVE-2024-7531), java-17-openjdk-headless-1:17.0.19.0.10-1.el8 (CVE-2022-3857, CVE-2026-27171), elfutils-libelf-0.190-2.el8 (CVE-2024-25260), pcre2-10.32-3.el8_6 (CVE-2022-41409), avahi-libs-0.7-27.el8_10.1 (CVE-2017-6519), nss-util-3.112.0-8.el8_10 (CVE-2020-12413, CVE-2024-7531), libarchive-3.3.3-7.el8_10 (CVE-2018-1000879, CVE-2018-1000880, CVE-2025-1632, CVE-2025-5915, CVE-2025-5916, CVE-2025-5917, CVE-2025-5918)", "name": "clair_unpatched_low_vulnerabilities", "url": "https://access.redhat.com/articles/red_hat_vulnerability_tutorial" }, "vulnerabilities_number": 152 } } ] } ] {"vulnerabilities":{"critical":0,"high":0,"medium":0,"low":0,"unknown":0},"unpatched_vulnerabilities":{"critical":0,"high":7,"medium":144,"low":152,"unknown":0}} {"image": {"pullspec": "quay.io/redhat-appstudio-qe/gitlab-rep-ufob/test-comp-pac-gitlab-qtyrdo:on-pr-e54c16436d75317bd42ac7e6e85809154e0fdd2c", "digests": ["sha256:b2255fd43473d5b61b29553a14db1a28890ac8aad001a906235a753087d06007"]}} {"result":"SUCCESS","timestamp":"2026-05-07T23:40:36+00:00","note":"Task clair-scan completed: Refer to Tekton task result SCAN_OUTPUT for vulnerabilities scanned by Clair.","namespace":"default","successes":0,"failures":0,"warnings":0} pod: test-comp-pac-gitlab-qtyrdof54a8609b62ff1e6bb9e91027d180bf0-pod | init container: prepare 2026/05/07 23:37:49 Entrypoint initialization pod: test-comp-pac-gitlab-qtyrdof54a8609b62ff1e6bb9e91027d180bf0-pod | container step-apply-additional-tags: time="2026-05-07T23:38:03Z" level=info msg="[param] image-url: quay.io/redhat-appstudio-qe/gitlab-rep-ufob/test-comp-pac-gitlab-qtyrdo:on-pr-e54c16436d75317bd42ac7e6e85809154e0fdd2c" time="2026-05-07T23:38:03Z" level=info msg="[param] digest: sha256:b2255fd43473d5b61b29553a14db1a28890ac8aad001a906235a753087d06007" time="2026-05-07T23:38:03Z" level=info msg="[param] tags-from-image-label: konflux.additional-tags" time="2026-05-07T23:38:04Z" level=warning msg="No tags given in 'konflux.additional-tags' image label" {"tags":[]}New PipelineRun test-comp-pac-gitlab-qtyrdo-on-pull-request-g95tz found after retrigger for component gitlab-rep-ufob/test-comp-pac-gitlab-qtyrdo PipelineRun test-comp-pac-gitlab-qtyrdo-on-pull-request-g95tz found for Component gitlab-rep-ufob/test-comp-pac-gitlab-qtyrdo PipelineRun test-comp-pac-gitlab-qtyrdo-on-pull-request-g95tz reason: ResolvingTaskRef PipelineRun test-comp-pac-gitlab-qtyrdo-on-pull-request-g95tz reason: Running PipelineRun test-comp-pac-gitlab-qtyrdo-on-pull-request-g95tz reason: Running PipelineRun test-comp-pac-gitlab-qtyrdo-on-pull-request-g95tz reason: Running PipelineRun test-comp-pac-gitlab-qtyrdo-on-pull-request-g95tz reason: Running PipelineRun test-comp-pac-gitlab-qtyrdo-on-pull-request-g95tz reason: Running PipelineRun test-comp-pac-gitlab-qtyrdo-on-pull-request-g95tz reason: Running PipelineRun test-comp-pac-gitlab-qtyrdo-on-pull-request-g95tz reason: Running PipelineRun test-comp-pac-gitlab-qtyrdo-on-pull-request-g95tz reason: Running PipelineRun test-comp-pac-gitlab-qtyrdo-on-pull-request-g95tz reason: Running PipelineRun test-comp-pac-gitlab-qtyrdo-on-pull-request-g95tz reason: Running PipelineRun test-comp-pac-gitlab-qtyrdo-on-pull-request-g95tz reason: PipelineRunStopping PipelineRun test-comp-pac-gitlab-qtyrdo-on-pull-request-g95tz reason: Failed attempt 2/3: PipelineRun "test-comp-pac-gitlab-qtyrdo-on-pull-request-g95tz" failed: pod: test-comp-pac-gitlab-qtyrdo-on-pull-request-g95tz-init-pod | init container: prepare 2026/05/07 23:42:25 Entrypoint initialization pod: test-comp-pac-gitlab-qtyrdo-on-pull-request-g95tz-init-pod | container step-init: time="2026-05-07T23:42:28Z" level=info msg="[param] enable: false" time="2026-05-07T23:42:28Z" level=info msg="[param] default-http-proxy: squid.caching.svc.cluster.local:3128" time="2026-05-07T23:42:28Z" level=info msg="[param] default-no-proxy: brew.registry.redhat.io,docker.io,gcr.io,ghcr.io,images.paas.redhat.com,mirror.gcr.io,nvcr.io,quay.io,registry-proxy.engineering.redhat.com,registry.access.redhat.com,registry.ci.openshift.org,registry.fedoraproject.org,registry.redhat.io,registry.stage.redhat.io,vault.habana.ai" time="2026-05-07T23:42:28Z" level=info msg="[param] http-proxy-result-path: /tekton/results/http-proxy" time="2026-05-07T23:42:28Z" level=info msg="[param] no-proxy-result-path: /tekton/results/no-proxy" time="2026-05-07T23:42:28Z" level=info msg="Using in-cluster config" logger=KubeClient time="2026-05-07T23:42:28Z" level=info msg="Cache proxy is disabled via param" time="2026-05-07T23:42:28Z" level=info msg="[result] HTTP PROXY: " time="2026-05-07T23:42:28Z" level=info msg="[result] NO PROXY: " pod: test-comp-pac-gitlab-qtyrdo4372e0fad4b643b5414dfaafbc984c7b-pod | init container: prepare 2026/05/07 23:44:53 Entrypoint initialization pod: test-comp-pac-gitlab-qtyrdo4372e0fad4b643b5414dfaafbc984c7b-pod | init container: place-scripts 2026/05/07 23:44:54 Decoded script /tekton/scripts/script-0-tqhs6 2026/05/07 23:44:54 Decoded script /tekton/scripts/script-1-9shh5 2026/05/07 23:44:54 Decoded script /tekton/scripts/script-2-29p25 2026/05/07 23:44:54 Decoded script /tekton/scripts/script-3-vlzb7 pod: test-comp-pac-gitlab-qtyrdo4372e0fad4b643b5414dfaafbc984c7b-pod | container step-get-image-manifests: Inspecting raw image manifest quay.io/redhat-appstudio-qe/gitlab-rep-ufob/test-comp-pac-gitlab-qtyrdo@sha256:6b47fc59deed1a3e6fc167df984959c2667a9b40e0b12c420d3307eac8618b3f. pod: test-comp-pac-gitlab-qtyrdo4372e0fad4b643b5414dfaafbc984c7b-pod | container step-get-vulnerabilities: Running clair-action on amd64 image manifest... 2026-05-07T23:44:59Z INF matchers created component=libvuln/New matchers=[{"docs":"https://pkg.go.dev/github.com/quay/claircore/photon","name":"photon"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/ubuntu","name":"ubuntu-matcher"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/debian","name":"debian-matcher"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/oracle","name":"oracle"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/python","name":"python"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/rhel/rhcc","name":"rhel-container-matcher"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/alpine","name":"alpine-matcher"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/gobin","name":"gobin"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/ruby","name":"ruby-gem"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/suse","name":"suse"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/rhel","name":"rhel"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/aws","name":"aws-matcher"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/java","name":"java-maven"}] 2026-05-07T23:44:59Z INF libvuln initialized component=libvuln/New 2026-05-07T23:44:59Z INF registered configured scanners component=libindex/New 2026-05-07T23:44:59Z INF NewLayerScanner: constructing a new layer-scanner component=indexer.NewLayerScanner 2026-05-07T23:44:59Z INF index request start component=libindex/Libindex.Index manifest=sha256:6b47fc59deed1a3e6fc167df984959c2667a9b40e0b12c420d3307eac8618b3f 2026-05-07T23:44:59Z INF starting scan component=indexer/controller/Controller.Index manifest=sha256:6b47fc59deed1a3e6fc167df984959c2667a9b40e0b12c420d3307eac8618b3f 2026-05-07T23:44:59Z INF manifest to be scanned component=indexer/controller/Controller.Index manifest=sha256:6b47fc59deed1a3e6fc167df984959c2667a9b40e0b12c420d3307eac8618b3f state=CheckManifest 2026-05-07T23:44:59Z INF layers fetch start component=indexer/controller/Controller.Index manifest=sha256:6b47fc59deed1a3e6fc167df984959c2667a9b40e0b12c420d3307eac8618b3f state=FetchLayers 2026-05-07T23:45:01Z INF layers fetch success component=indexer/controller/Controller.Index manifest=sha256:6b47fc59deed1a3e6fc167df984959c2667a9b40e0b12c420d3307eac8618b3f state=FetchLayers 2026-05-07T23:45:01Z INF layers fetch done component=indexer/controller/Controller.Index manifest=sha256:6b47fc59deed1a3e6fc167df984959c2667a9b40e0b12c420d3307eac8618b3f state=FetchLayers 2026-05-07T23:45:01Z INF layers scan start component=indexer/controller/Controller.Index manifest=sha256:6b47fc59deed1a3e6fc167df984959c2667a9b40e0b12c420d3307eac8618b3f state=ScanLayers 2026-05-07T23:45:01Z INF found buildinfo Dockerfile component=rhel/rhcc/scanner.Scan kind=package layer=sha256:8dbc54dd3ba8deb60962e0faf1bcd1d23c09867cffbce92e091a1094578f09fc manifest=sha256:6b47fc59deed1a3e6fc167df984959c2667a9b40e0b12c420d3307eac8618b3f path=root/buildinfo/Dockerfile-ubi8-openjdk-17-runtime-1.23-4.1777859697 scanner=rhel_containerscanner state=ScanLayers 2026-05-07T23:45:01Z INF skipping jar component=java/Scanner.Scan file=usr/lib/jvm/java-17-openjdk-17.0.19.0.10-1.el8.x86_64/lib/jrt-fs.jar kind=package layer=sha256:8dbc54dd3ba8deb60962e0faf1bcd1d23c09867cffbce92e091a1094578f09fc manifest=sha256:6b47fc59deed1a3e6fc167df984959c2667a9b40e0b12c420d3307eac8618b3f reason="jar: unidentified jar: jrt-fs.jar" scanner=java state=ScanLayers version=6 2026-05-07T23:45:02Z INF layers scan done component=indexer/controller/Controller.Index manifest=sha256:6b47fc59deed1a3e6fc167df984959c2667a9b40e0b12c420d3307eac8618b3f state=ScanLayers 2026-05-07T23:45:02Z INF starting index manifest component=indexer/controller/Controller.Index manifest=sha256:6b47fc59deed1a3e6fc167df984959c2667a9b40e0b12c420d3307eac8618b3f state=IndexManifest 2026-05-07T23:45:02Z INF finishing scan component=indexer/controller/Controller.Index manifest=sha256:6b47fc59deed1a3e6fc167df984959c2667a9b40e0b12c420d3307eac8618b3f state=IndexFinished 2026-05-07T23:45:02Z INF manifest successfully scanned component=indexer/controller/Controller.Index manifest=sha256:6b47fc59deed1a3e6fc167df984959c2667a9b40e0b12c420d3307eac8618b3f state=IndexFinished 2026-05-07T23:45:02Z INF index request done component=libindex/Libindex.Index manifest=sha256:6b47fc59deed1a3e6fc167df984959c2667a9b40e0b12c420d3307eac8618b3f { "manifest_hash": "sha256:6b47fc59deed1a3e6fc167df984959c2667a9b40e0b12c420d3307eac8618b3f", "packages": { "+XM+s3niWaEk1U5jnR5DpA==": { "id": "+XM+s3niWaEk1U5jnR5DpA==", "name": "libyaml", "version": "0.1.7-5.el8", "kind": "binary", "source": { "id": "", "name": "libyaml", "version": "0.1.7-5.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "+Xr7HyTxXf0c8jLaUyo3xA==": { "id": "+Xr7HyTxXf0c8jLaUyo3xA==", "name": "libidn2", "version": "2.2.0-1.el8", "kind": "binary", "source": { "id": "", "name": "libidn2", "version": "2.2.0-1.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "+hvIC0Et/RtHi7EAFCmfEw==": { "id": "+hvIC0Et/RtHi7EAFCmfEw==", "name": "file-libs", "version": "5.33-27.el8_10", "kind": "binary", "source": { "id": "", "name": "file", "version": "5.33-27.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "+qrxjVH7Im8eBfrz4h4P/w==": { "id": "+qrxjVH7Im8eBfrz4h4P/w==", "name": "shadow-utils", "version": "2:4.6-23.el8_10", "kind": "binary", "source": { "id": "", "name": "shadow-utils", "version": "4.6-23.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "1gormAsAjMuks2JveQRd0Q==": { "id": "1gormAsAjMuks2JveQRd0Q==", "name": "gobject-introspection", "version": "1.56.1-1.el8", "kind": "binary", "source": { "id": "", "name": "gobject-introspection", "version": "1.56.1-1.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "22yBCZl99yVP86UHT7jTdw==": { "id": "22yBCZl99yVP86UHT7jTdw==", "name": "tzdata", "version": "2026a-1.el8", "kind": "binary", "source": { "id": "", "name": "tzdata", "version": "2026a-1.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "2gKctomQ2vBMxlyAOjcc7g==": { "id": "2gKctomQ2vBMxlyAOjcc7g==", "name": "sed", "version": "4.5-5.el8_10", "kind": "binary", "source": { "id": "", "name": "sed", "version": "4.5-5.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "3+d+oaGDGj9g2+1RFZjY5A==": { "id": "3+d+oaGDGj9g2+1RFZjY5A==", "name": "gmp", "version": "1:6.1.2-11.el8", "kind": "binary", "source": { "id": "", "name": "gmp", "version": "6.1.2-11.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "3OVNevSm98h4f1fmX4IZwQ==": { "id": "3OVNevSm98h4f1fmX4IZwQ==", "name": "org.example:simple-java-project", "version": "1.0-SNAPSHOT", "kind": "binary", "source": { "id": "", "name": "", "version": "", "normalized_version": "", "cpe": "" }, "normalized_version": "", "cpe": "" }, "3jI2apoRMNGhHa141Q5dlQ==": { "id": "3jI2apoRMNGhHa141Q5dlQ==", "name": "libksba", "version": "1.3.5-9.el8_7", "kind": "binary", "source": { "id": "", "name": "libksba", "version": "1.3.5-9.el8_7", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "3uSX4NgBxQvC8LEk48QoOQ==": { "id": "3uSX4NgBxQvC8LEk48QoOQ==", "name": "cyrus-sasl-lib", "version": "2.1.27-6.el8_5", "kind": "binary", "source": { "id": "", "name": "cyrus-sasl", "version": "2.1.27-6.el8_5", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "45rvgYmy022Tx6fVWfking==": { "id": "45rvgYmy022Tx6fVWfking==", "name": "publicsuffix-list-dafsa", "version": "20180723-1.el8", "kind": "binary", "source": { "id": "", "name": "publicsuffix-list", "version": "20180723-1.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "47OMpR7yEmE4lttsyWq3fw==": { "id": "47OMpR7yEmE4lttsyWq3fw==", "name": "libusbx", "version": "1.0.23-4.el8", "kind": "binary", "source": { "id": "", "name": "libusbx", "version": "1.0.23-4.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "4ZgMXaHDWnwPnqKlcJzEIw==": { "id": "4ZgMXaHDWnwPnqKlcJzEIw==", "name": "krb5-libs", "version": "1.18.2-32.el8_10", "kind": "binary", "source": { "id": "", "name": "krb5", "version": "1.18.2-32.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "4flTdmUV4iK1Ax+LXJm8qQ==": { "id": "4flTdmUV4iK1Ax+LXJm8qQ==", "name": "gnutls", "version": "3.6.16-8.el8_10.5", "kind": "binary", "source": { "id": "", "name": "gnutls", "version": "3.6.16-8.el8_10.5", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "4mBaAtvqw4Xnt3KyHa6xnQ==": { "id": "4mBaAtvqw4Xnt3KyHa6xnQ==", "name": "java-17-openjdk-headless", "version": "1:17.0.19.0.10-1.el8", "kind": "binary", "source": { "id": "", "name": "java-17-openjdk", "version": "17.0.19.0.10-1.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "4sG4bBloak5Sz907ZDRs6Q==": { "id": "4sG4bBloak5Sz907ZDRs6Q==", "name": "libnsl2", "version": "1.2.0-2.20180605git4a062cf.el8", "kind": "binary", "source": { "id": "", "name": "libnsl2", "version": "1.2.0-2.20180605git4a062cf.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "5U8sNbKx0xZsaHcVt4MmxA==": { "id": "5U8sNbKx0xZsaHcVt4MmxA==", "name": "chkconfig", "version": "1.19.2-1.el8", "kind": "binary", "source": { "id": "", "name": "chkconfig", "version": "1.19.2-1.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "67DLnC895xbDFuD3MGhCtQ==": { "id": "67DLnC895xbDFuD3MGhCtQ==", "name": "io.github.stuartwdouglas.hacbs-test.simple:simple-jdk8", "version": "1.2.4", "kind": "binary", "source": { "id": "", "name": "", "version": "", "normalized_version": "", "cpe": "" }, "normalized_version": "", "cpe": "" }, "7eg89eCgA75bJ7WhhN/T4Q==": { "id": "7eg89eCgA75bJ7WhhN/T4Q==", "name": "libtasn1", "version": "4.13-5.el8_10", "kind": "binary", "source": { "id": "", "name": "libtasn1", "version": "4.13-5.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "9uhqFNTCJ7/bpzSlc7qCaQ==": { "id": "9uhqFNTCJ7/bpzSlc7qCaQ==", "name": "libgcrypt", "version": "1.8.5-7.el8_6", "kind": "binary", "source": { "id": "", "name": "libgcrypt", "version": "1.8.5-7.el8_6", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "ACY3djwkey7ZIXbd0V+Giw==": { "id": "ACY3djwkey7ZIXbd0V+Giw==", "name": "nss-sysinit", "version": "3.112.0-8.el8_10", "kind": "binary", "source": { "id": "", "name": "nss", "version": "3.112.0-8.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "AIs6pmCup5N9+6Ag6e2/og==": { "id": "AIs6pmCup5N9+6Ag6e2/og==", "name": "openssl-libs", "version": "1:1.1.1k-15.el8_6", "kind": "binary", "source": { "id": "", "name": "openssl", "version": "1.1.1k-15.el8_6", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "AuC6XQzcU/5tB4luIfjLFg==": { "id": "AuC6XQzcU/5tB4luIfjLFg==", "name": "elfutils-libelf", "version": "0.190-2.el8", "kind": "binary", "source": { "id": "", "name": "elfutils", "version": "0.190-2.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "AziZ1oGI+oDXVPzldKNj+w==": { "id": "AziZ1oGI+oDXVPzldKNj+w==", "name": "openldap", "version": "2.4.46-21.el8_10", "kind": "binary", "source": { "id": "", "name": "openldap", "version": "2.4.46-21.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "BPsD0kkdIoK3KQUZ5DpJjw==": { "id": "BPsD0kkdIoK3KQUZ5DpJjw==", "name": "dbus-libs", "version": "1:1.12.8-27.el8_10", "kind": "binary", "source": { "id": "", "name": "dbus", "version": "1.12.8-27.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "BmK1zIjr5KsuOODCYwxRCw==": { "id": "BmK1zIjr5KsuOODCYwxRCw==", "name": "libpsl", "version": "0.20.2-6.el8", "kind": "binary", "source": { "id": "", "name": "libpsl", "version": "0.20.2-6.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "CP6fmHsRon29d9dGmAC8yQ==": { "id": "CP6fmHsRon29d9dGmAC8yQ==", "name": "nss-softokn", "version": "3.112.0-8.el8_10", "kind": "binary", "source": { "id": "", "name": "nss", "version": "3.112.0-8.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "CbqHQON08ZsUvPS9XDaTFA==": { "id": "CbqHQON08ZsUvPS9XDaTFA==", "name": "rpm", "version": "4.14.3-32.el8_10", "kind": "binary", "source": { "id": "", "name": "rpm", "version": "4.14.3-32.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "Cklbj7Y2kf3vqxqc0m1GHQ==": { "id": "Cklbj7Y2kf3vqxqc0m1GHQ==", "name": "librhsm", "version": "0.0.3-5.el8", "kind": "binary", "source": { "id": "", "name": "librhsm", "version": "0.0.3-5.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "D/ASdBsgxLNlG5Q8U7UPsQ==": { "id": "D/ASdBsgxLNlG5Q8U7UPsQ==", "name": "rootfiles", "version": "8.1-22.el8", "kind": "binary", "source": { "id": "", "name": "rootfiles", "version": "8.1-22.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "D9iJYSwBt2n6JCuuNo2fKg==": { "id": "D9iJYSwBt2n6JCuuNo2fKg==", "name": "audit-libs", "version": "3.1.2-1.el8_10.1", "kind": "binary", "source": { "id": "", "name": "audit", "version": "3.1.2-1.el8_10.1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "DV119Dw0W4RdsbJkdoHU9w==": { "id": "DV119Dw0W4RdsbJkdoHU9w==", "name": "curl", "version": "7.61.1-34.el8_10.11", "kind": "binary", "source": { "id": "", "name": "curl", "version": "7.61.1-34.el8_10.11", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "DgyhtZBcSIlVmY6xC8s1mA==": { "id": "DgyhtZBcSIlVmY6xC8s1mA==", "name": "coreutils-single", "version": "8.30-17.el8_10", "kind": "binary", "source": { "id": "", "name": "coreutils", "version": "8.30-17.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "Dmgfuk4/ZGW2Pjrf3pzOwg==": { "id": "Dmgfuk4/ZGW2Pjrf3pzOwg==", "name": "nss-util", "version": "3.112.0-8.el8_10", "kind": "binary", "source": { "id": "", "name": "nss", "version": "3.112.0-8.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "EiNiLT8ulizCzEWcybhizQ==": { "id": "EiNiLT8ulizCzEWcybhizQ==", "name": "lz4-libs", "version": "1.8.3-5.el8_10", "kind": "binary", "source": { "id": "", "name": "lz4", "version": "1.8.3-5.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "F7AOP7tK5AfUXV1g9iTzFA==": { "id": "F7AOP7tK5AfUXV1g9iTzFA==", "name": "mpfr", "version": "3.1.6-1.el8", "kind": "binary", "source": { "id": "", "name": "mpfr", "version": "3.1.6-1.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "FS5/DAbDsXWURU9onlACPA==": { "id": "FS5/DAbDsXWURU9onlACPA==", "name": "alsa-lib", "version": "1.2.10-2.el8", "kind": "binary", "source": { "id": "", "name": "alsa-lib", "version": "1.2.10-2.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "G+gX+j4AbiCorxKiF1UojA==": { "id": "G+gX+j4AbiCorxKiF1UojA==", "name": "libsolv", "version": "0.7.20-6.el8", "kind": "binary", "source": { "id": "", "name": "libsolv", "version": "0.7.20-6.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "GLKhGblbPbPbtDKwfpCv5A==": { "id": "GLKhGblbPbPbtDKwfpCv5A==", "name": "filesystem", "version": "3.8-6.el8", "kind": "binary", "source": { "id": "", "name": "filesystem", "version": "3.8-6.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "Gg1Q6hponuT1eSJHwaJ83w==": { "id": "Gg1Q6hponuT1eSJHwaJ83w==", "name": "libcap-ng", "version": "0.7.11-1.el8", "kind": "binary", "source": { "id": "", "name": "libcap-ng", "version": "0.7.11-1.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "HMIoZ/TKrKhxI1rD26qmpw==": { "id": "HMIoZ/TKrKhxI1rD26qmpw==", "name": "json-c", "version": "0.13.1-3.el8", "kind": "binary", "source": { "id": "", "name": "json-c", "version": "0.13.1-3.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "IzLcxZDtcvtJR5Gwdq9HDg==": { "id": "IzLcxZDtcvtJR5Gwdq9HDg==", "name": "libattr", "version": "2.4.48-3.el8", "kind": "binary", "source": { "id": "", "name": "attr", "version": "2.4.48-3.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "J34PJ2GThOWZuKVgFIoieA==": { "id": "J34PJ2GThOWZuKVgFIoieA==", "name": "zlib", "version": "1.2.11-25.el8", "kind": "binary", "source": { "id": "", "name": "zlib", "version": "1.2.11-25.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "JNDNKhJbFTSevs7EALfE9A==": { "id": "JNDNKhJbFTSevs7EALfE9A==", "name": "p11-kit", "version": "0.23.22-2.el8", "kind": "binary", "source": { "id": "", "name": "p11-kit", "version": "0.23.22-2.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "KYSXsdsObSOPb3/iOOdbDw==": { "id": "KYSXsdsObSOPb3/iOOdbDw==", "name": "nss-softokn-freebl", "version": "3.112.0-8.el8_10", "kind": "binary", "source": { "id": "", "name": "nss", "version": "3.112.0-8.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "LXiVkIlXLq/usMYIwCTH8Q==": { "id": "LXiVkIlXLq/usMYIwCTH8Q==", "name": "libsmartcols", "version": "2.32.1-48.el8_10", "kind": "binary", "source": { "id": "", "name": "util-linux", "version": "2.32.1-48.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "LkoLKEri5dIAb0vFMkSOag==": { "id": "LkoLKEri5dIAb0vFMkSOag==", "name": "glibc-common", "version": "2.28-251.el8_10.31", "kind": "binary", "source": { "id": "", "name": "glibc", "version": "2.28-251.el8_10.31", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "MA5xnJmwv4AJZhc2768UiA==": { "id": "MA5xnJmwv4AJZhc2768UiA==", "name": "libxml2", "version": "2.9.7-21.el8_10.4", "kind": "binary", "source": { "id": "", "name": "libxml2", "version": "2.9.7-21.el8_10.4", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "N1RbIRo2SyHosQefv+skDw==": { "id": "N1RbIRo2SyHosQefv+skDw==", "name": "gawk", "version": "4.2.1-4.el8", "kind": "binary", "source": { "id": "", "name": "gawk", "version": "4.2.1-4.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "N3ZaMrNJKoumMpaY0smlMQ==": { "id": "N3ZaMrNJKoumMpaY0smlMQ==", "name": "sqlite-libs", "version": "3.26.0-20.el8_10", "kind": "binary", "source": { "id": "", "name": "sqlite", "version": "3.26.0-20.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "N5EuVcX6TPHBo7OPtax5uA==": { "id": "N5EuVcX6TPHBo7OPtax5uA==", "name": "crypto-policies-scripts", "version": "20230731-1.git3177e06.el8", "kind": "binary", "source": { "id": "", "name": "crypto-policies", "version": "20230731-1.git3177e06.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "NJbhst8VIOwst++ZzRP6tA==": { "id": "NJbhst8VIOwst++ZzRP6tA==", "name": "libpeas", "version": "1.22.0-6.el8", "kind": "binary", "source": { "id": "", "name": "libpeas", "version": "1.22.0-6.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "NguWV8S6YQYvQsGQDJm2Rg==": { "id": "NguWV8S6YQYvQsGQDJm2Rg==", "name": "ncurses-base", "version": "6.1-10.20180224.el8", "kind": "binary", "source": { "id": "", "name": "ncurses", "version": "6.1-10.20180224.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "NsvPyDc//39XTuXcn3j2uQ==": { "id": "NsvPyDc//39XTuXcn3j2uQ==", "name": "gdbm", "version": "1:1.18-2.el8", "kind": "binary", "source": { "id": "", "name": "gdbm", "version": "1.18-2.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "ORsDK2A5479NPB0r01PoXQ==": { "id": "ORsDK2A5479NPB0r01PoXQ==", "name": "libcurl", "version": "7.61.1-34.el8_10.11", "kind": "binary", "source": { "id": "", "name": "curl", "version": "7.61.1-34.el8_10.11", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "P5Se4zJpr8ZUwZNUojfuzA==": { "id": "P5Se4zJpr8ZUwZNUojfuzA==", "name": "libxcrypt", "version": "4.1.1-6.el8", "kind": "binary", "source": { "id": "", "name": "libxcrypt", "version": "4.1.1-6.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "P5UTXxqhA6R98OWY7h85rQ==": { "id": "P5UTXxqhA6R98OWY7h85rQ==", "name": "libarchive", "version": "3.3.3-7.el8_10", "kind": "binary", "source": { "id": "", "name": "libarchive", "version": "3.3.3-7.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "PYGQE1Mr52aqIP4tEB4VSw==": { "id": "PYGQE1Mr52aqIP4tEB4VSw==", "name": "nss", "version": "3.112.0-8.el8_10", "kind": "binary", "source": { "id": "", "name": "nss", "version": "3.112.0-8.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "Q0uPb/t/3IQ8GEwlv/J3Cw==": { "id": "Q0uPb/t/3IQ8GEwlv/J3Cw==", "name": "libmount", "version": "2.32.1-48.el8_10", "kind": "binary", "source": { "id": "", "name": "util-linux", "version": "2.32.1-48.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "QC6e3OaV78mjs678tGU2KQ==": { "id": "QC6e3OaV78mjs678tGU2KQ==", "name": "libssh", "version": "0.9.6-16.el8_10", "kind": "binary", "source": { "id": "", "name": "libssh", "version": "0.9.6-16.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "QXEDMSZisv5SUXtJo7Fs5g==": { "id": "QXEDMSZisv5SUXtJo7Fs5g==", "name": "gpgme", "version": "1.13.1-12.el8", "kind": "binary", "source": { "id": "", "name": "gpgme", "version": "1.13.1-12.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "RKXYZTbYgViwzC05uqeDSg==": { "id": "RKXYZTbYgViwzC05uqeDSg==", "name": "io.github.stuartwdouglas.hacbs-test.simple:simple-jdk17", "version": "0.1.2", "kind": "binary", "source": { "id": "", "name": "", "version": "", "normalized_version": "", "cpe": "" }, "normalized_version": "", "cpe": "" }, "RRWuvyUdhwGbBo2a/Ra1hw==": { "id": "RRWuvyUdhwGbBo2a/Ra1hw==", "name": "libselinux", "version": "2.9-11.el8_10", "kind": "binary", "source": { "id": "", "name": "libselinux", "version": "2.9-11.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "RtrzwDgrQgu9S5B72s2sww==": { "id": "RtrzwDgrQgu9S5B72s2sww==", "name": "libunistring", "version": "0.9.9-3.el8", "kind": "binary", "source": { "id": "", "name": "libunistring", "version": "0.9.9-3.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "TARQvmsLVC/S1fQD1jO4Xw==": { "id": "TARQvmsLVC/S1fQD1jO4Xw==", "name": "gdbm-libs", "version": "1:1.18-2.el8", "kind": "binary", "source": { "id": "", "name": "gdbm", "version": "1.18-2.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "U3ZkYu9FoEzQITrVBlQtLA==": { "id": "U3ZkYu9FoEzQITrVBlQtLA==", "name": "glibc", "version": "2.28-251.el8_10.31", "kind": "binary", "source": { "id": "", "name": "glibc", "version": "2.28-251.el8_10.31", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "USWNn71p+k059dbiu5HDEA==": { "id": "USWNn71p+k059dbiu5HDEA==", "name": "libassuan", "version": "2.5.1-3.el8", "kind": "binary", "source": { "id": "", "name": "libassuan", "version": "2.5.1-3.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "UUZyda9G/ffvF6rJ5W1UnQ==": { "id": "UUZyda9G/ffvF6rJ5W1UnQ==", "name": "libstdc++", "version": "8.5.0-28.el8_10", "kind": "binary", "source": { "id": "", "name": "gcc", "version": "8.5.0-28.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "Vax934M9zGbzjdT3Y/XU9w==": { "id": "Vax934M9zGbzjdT3Y/XU9w==", "name": "glibc-minimal-langpack", "version": "2.28-251.el8_10.31", "kind": "binary", "source": { "id": "", "name": "glibc", "version": "2.28-251.el8_10.31", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "VrCmPwuY69qW5jl9ctxOZg==": { "id": "VrCmPwuY69qW5jl9ctxOZg==", "name": "libtirpc", "version": "1.1.4-12.el8_10", "kind": "binary", "source": { "id": "", "name": "libtirpc", "version": "1.1.4-12.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "W66WOQ3v6r7mSn6+o7gaew==": { "id": "W66WOQ3v6r7mSn6+o7gaew==", "name": "popt", "version": "1.18-1.el8", "kind": "binary", "source": { "id": "", "name": "popt", "version": "1.18-1.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "YjDcGmvP0/z8VqRiUvkhOQ==": { "id": "YjDcGmvP0/z8VqRiUvkhOQ==", "name": "gnupg2", "version": "2.2.20-4.el8_10", "kind": "binary", "source": { "id": "", "name": "gnupg2", "version": "2.2.20-4.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "Za0y7YiKRidyIBZNIzq/Ng==": { "id": "Za0y7YiKRidyIBZNIzq/Ng==", "name": "librepo", "version": "1.14.2-5.el8", "kind": "binary", "source": { "id": "", "name": "librepo", "version": "1.14.2-5.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "ar0do80Wlk1FaVvtx66g6Q==": { "id": "ar0do80Wlk1FaVvtx66g6Q==", "name": "brotli", "version": "1.0.6-4.el8_10", "kind": "binary", "source": { "id": "", "name": "brotli", "version": "1.0.6-4.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "auI8KtI6OozP7EAIr9UlQQ==": { "id": "auI8KtI6OozP7EAIr9UlQQ==", "name": "pcre2", "version": "10.32-3.el8_6", "kind": "binary", "source": { "id": "", "name": "pcre2", "version": "10.32-3.el8_6", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "bWUdPEYmtshwdmuX5VapfQ==": { "id": "bWUdPEYmtshwdmuX5VapfQ==", "name": "libblkid", "version": "2.32.1-48.el8_10", "kind": "binary", "source": { "id": "", "name": "util-linux", "version": "2.32.1-48.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "bmxL3lydQy0yU8g1iBgovg==": { "id": "bmxL3lydQy0yU8g1iBgovg==", "name": "libsepol", "version": "2.9-3.el8", "kind": "binary", "source": { "id": "", "name": "libsepol", "version": "2.9-3.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "cXCMP7NdkMDf1+Rb1IEktQ==": { "id": "cXCMP7NdkMDf1+Rb1IEktQ==", "name": "libsemanage", "version": "2.9-12.el8_10", "kind": "binary", "source": { "id": "", "name": "libsemanage", "version": "2.9-12.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "dOBT1Qffq44NOVuk9chDyg==": { "id": "dOBT1Qffq44NOVuk9chDyg==", "name": "readline", "version": "7.0-10.el8", "kind": "binary", "source": { "id": "", "name": "readline", "version": "7.0-10.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "dOwQwVL1NxmF6ouACZklrQ==": { "id": "dOwQwVL1NxmF6ouACZklrQ==", "name": "p11-kit-trust", "version": "0.23.22-2.el8", "kind": "binary", "source": { "id": "", "name": "p11-kit", "version": "0.23.22-2.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "dSjxsaDISLUiFwRTCSO8Tg==": { "id": "dSjxsaDISLUiFwRTCSO8Tg==", "name": "crypto-policies", "version": "20230731-1.git3177e06.el8", "kind": "binary", "source": { "id": "", "name": "crypto-policies", "version": "20230731-1.git3177e06.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "dtGaxafuhIU1Ppty914fJw==": { "id": "dtGaxafuhIU1Ppty914fJw==", "name": "nspr", "version": "4.36.0-2.el8_10", "kind": "binary", "source": { "id": "", "name": "nspr", "version": "4.36.0-2.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "eZ7CwFvwDCQu4vzKyuIZgA==": { "id": "eZ7CwFvwDCQu4vzKyuIZgA==", "name": "basesystem", "version": "11-5.el8", "kind": "binary", "source": { "id": "", "name": "basesystem", "version": "11-5.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "f/Al/eNlUhjEgKSV0J2z7w==": { "id": "f/Al/eNlUhjEgKSV0J2z7w==", "name": "python3-pip-wheel", "version": "9.0.3-24.el8", "kind": "binary", "source": { "id": "", "name": "python-pip", "version": "9.0.3-24.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "f1lteJj1IxLDbDb+BI8yjg==": { "id": "f1lteJj1IxLDbDb+BI8yjg==", "name": "ca-certificates", "version": "2025.2.80_v9.0.304-80.2.el8_10", "kind": "binary", "source": { "id": "", "name": "ca-certificates", "version": "2025.2.80_v9.0.304-80.2.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "g146nKetkX1f4hfH1b5RWA==": { "id": "g146nKetkX1f4hfH1b5RWA==", "name": "libdb", "version": "5.3.28-42.el8_4", "kind": "binary", "source": { "id": "", "name": "libdb", "version": "5.3.28-42.el8_4", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "gMqsUnRclTj6iuxHCslNRA==": { "id": "gMqsUnRclTj6iuxHCslNRA==", "name": "libdnf", "version": "0.63.0-21.el8_10", "kind": "binary", "source": { "id": "", "name": "libdnf", "version": "0.63.0-21.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "gOaN4treTmKK7tU+N6AZ1w==": { "id": "gOaN4treTmKK7tU+N6AZ1w==", "name": "pcre", "version": "8.42-6.el8", "kind": "binary", "source": { "id": "", "name": "pcre", "version": "8.42-6.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "gtbMsmX05ZWh+bkM1Wprlw==": { "id": "gtbMsmX05ZWh+bkM1Wprlw==", "name": "bash", "version": "4.4.20-6.el8_10", "kind": "binary", "source": { "id": "", "name": "bash", "version": "4.4.20-6.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "h53SWWmMQUh4cLyBmYeNvw==": { "id": "h53SWWmMQUh4cLyBmYeNvw==", "name": "avahi-libs", "version": "0.7-27.el8_10.1", "kind": "binary", "source": { "id": "", "name": "avahi", "version": "0.7-27.el8_10.1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "hSTTMcRX1DBcXc+8jKeg3Q==": { "id": "hSTTMcRX1DBcXc+8jKeg3Q==", "name": "libgcc", "version": "8.5.0-28.el8_10", "kind": "binary", "source": { "id": "", "name": "gcc", "version": "8.5.0-28.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "hcJqCsCpWm+XI9JT6ImS5g==": { "id": "hcJqCsCpWm+XI9JT6ImS5g==", "name": "nettle", "version": "3.4.1-7.el8", "kind": "binary", "source": { "id": "", "name": "nettle", "version": "3.4.1-7.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "iKjky3d+XDnwdlXfvLvp/A==": { "id": "iKjky3d+XDnwdlXfvLvp/A==", "name": "python3-libs", "version": "3.6.8-76.el8_10", "kind": "binary", "source": { "id": "", "name": "python3", "version": "3.6.8-76.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "isPl2YxnCTfcLmUYH6Q0sA==": { "id": "isPl2YxnCTfcLmUYH6Q0sA==", "name": "libuuid", "version": "2.32.1-48.el8_10", "kind": "binary", "source": { "id": "", "name": "util-linux", "version": "2.32.1-48.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "j5YRt82iOHry4ndSyCLgaA==": { "id": "j5YRt82iOHry4ndSyCLgaA==", "name": "cups-libs", "version": "1:2.2.6-67.el8_10", "kind": "binary", "source": { "id": "", "name": "cups", "version": "2.2.6-67.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "jmNxyfDM4IV/F4mrfNTfyg==": { "id": "jmNxyfDM4IV/F4mrfNTfyg==", "name": "setup", "version": "2.12.2-9.el8", "kind": "binary", "source": { "id": "", "name": "setup", "version": "2.12.2-9.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "jtdCxL/eH5JTPcKstKunJg==": { "id": "jtdCxL/eH5JTPcKstKunJg==", "name": "grep", "version": "3.1-6.el8", "kind": "binary", "source": { "id": "", "name": "grep", "version": "3.1-6.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "k/BpvWmZ5EVfmiPqpZ3pGw==": { "id": "k/BpvWmZ5EVfmiPqpZ3pGw==", "name": "expat", "version": "2.5.0-1.el8_10", "kind": "binary", "source": { "id": "", "name": "expat", "version": "2.5.0-1.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "k4gCNgIfg7MM/e42ThRx2w==": { "id": "k4gCNgIfg7MM/e42ThRx2w==", "name": "libzstd", "version": "1.4.4-1.el8", "kind": "binary", "source": { "id": "", "name": "zstd", "version": "1.4.4-1.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "kup9SZcgg13wnbXIW3GyJA==": { "id": "kup9SZcgg13wnbXIW3GyJA==", "name": "openjdk-17-runtime-ubi8-container", "version": "1.23-4.1777859697", "kind": "source", "source": { "id": "", "name": "", "version": "", "normalized_version": "", "cpe": "" }, "normalized_version": "rhctag:1.23.0.0.0.0.0.0.0.0", "arch": "x86_64", "cpe": "" }, "kwc9NYOQig+qWs5qmBRL/w==": { "id": "kwc9NYOQig+qWs5qmBRL/w==", "name": "ncurses-libs", "version": "6.1-10.20180224.el8", "kind": "binary", "source": { "id": "", "name": "ncurses", "version": "6.1-10.20180224.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "lEFbOzBTlWwCqC/ZbjJfgQ==": { "id": "lEFbOzBTlWwCqC/ZbjJfgQ==", "name": "python3-setuptools-wheel", "version": "39.2.0-9.el8_10", "kind": "binary", "source": { "id": "", "name": "python-setuptools", "version": "39.2.0-9.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "lU0MYRg2dg5wynl2dMGsgA==": { "id": "lU0MYRg2dg5wynl2dMGsgA==", "name": "xz-libs", "version": "5.2.4-4.el8_6", "kind": "binary", "source": { "id": "", "name": "xz", "version": "5.2.4-4.el8_6", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "mAmp7BtGrfzV0HnAKw9sTw==": { "id": "mAmp7BtGrfzV0HnAKw9sTw==", "name": "libsigsegv", "version": "2.11-5.el8", "kind": "binary", "source": { "id": "", "name": "libsigsegv", "version": "2.11-5.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "mLwCNKs2wEtLWAiibtR4BQ==": { "id": "mLwCNKs2wEtLWAiibtR4BQ==", "name": "microdnf", "version": "3.8.0-2.el8", "kind": "binary", "source": { "id": "", "name": "microdnf", "version": "3.8.0-2.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "mkpeQMTn6iNiF+ShBe+oZg==": { "id": "mkpeQMTn6iNiF+ShBe+oZg==", "name": "libverto", "version": "0.3.2-2.el8", "kind": "binary", "source": { "id": "", "name": "libverto", "version": "0.3.2-2.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "mtrWxjnWyzrIFOuHVeUG6g==": { "id": "mtrWxjnWyzrIFOuHVeUG6g==", "name": "tar", "version": "2:1.30-11.el8_10", "kind": "binary", "source": { "id": "", "name": "tar", "version": "1.30-11.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "nDtLoMnkuhspYDn7NZEcjw==": { "id": "nDtLoMnkuhspYDn7NZEcjw==", "name": "findutils", "version": "1:4.6.0-24.el8_10", "kind": "binary", "source": { "id": "", "name": "findutils", "version": "4.6.0-24.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "o4v1nyEgxKUJdf78CSzLEg==": { "id": "o4v1nyEgxKUJdf78CSzLEg==", "name": "libgpg-error", "version": "1.31-1.el8", "kind": "binary", "source": { "id": "", "name": "libgpg-error", "version": "1.31-1.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "oPxhGBL0xk+N4XwwxvflAQ==": { "id": "oPxhGBL0xk+N4XwwxvflAQ==", "name": "redhat-release", "version": "8.10-0.3.el8", "kind": "binary", "source": { "id": "", "name": "redhat-release", "version": "8.10-0.3.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "oSDtB9GflLljTYeOAikyIQ==": { "id": "oSDtB9GflLljTYeOAikyIQ==", "name": "glib2", "version": "2.56.4-168.el8_10", "kind": "binary", "source": { "id": "", "name": "glib2", "version": "2.56.4-168.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "oUYls//IDfQ4QSLGKlUoZg==": { "id": "oUYls//IDfQ4QSLGKlUoZg==", "name": "systemd-libs", "version": "239-82.el8_10.16", "kind": "binary", "source": { "id": "", "name": "systemd", "version": "239-82.el8_10.16", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "p9tXHgTBVU/b3sTnwfubzg==": { "id": "p9tXHgTBVU/b3sTnwfubzg==", "name": "libdb-utils", "version": "5.3.28-42.el8_4", "kind": "binary", "source": { "id": "", "name": "libdb", "version": "5.3.28-42.el8_4", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "pY2NT/GP1UxyOuAl2rKgCw==": { "id": "pY2NT/GP1UxyOuAl2rKgCw==", "name": "npth", "version": "1.5-4.el8", "kind": "binary", "source": { "id": "", "name": "npth", "version": "1.5-4.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "peUaHHW4E9Y6Nd8+gJR5cQ==": { "id": "peUaHHW4E9Y6Nd8+gJR5cQ==", "name": "libssh-config", "version": "0.9.6-16.el8_10", "kind": "binary", "source": { "id": "", "name": "libssh", "version": "0.9.6-16.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "pp9zZ0tBoevZ/s15eFRL8g==": { "id": "pp9zZ0tBoevZ/s15eFRL8g==", "name": "libacl", "version": "2.2.53-3.el8", "kind": "binary", "source": { "id": "", "name": "acl", "version": "2.2.53-3.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "q4X/5GGPJSNoqWY61ewdVA==": { "id": "q4X/5GGPJSNoqWY61ewdVA==", "name": "tzdata-java", "version": "2026a-1.el8", "kind": "binary", "source": { "id": "", "name": "tzdata", "version": "2026a-1.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "qdszmGofYYLyezIthPq1jw==": { "id": "qdszmGofYYLyezIthPq1jw==", "name": "ubi8/openjdk-17-runtime", "version": "1.23-4.1777859697", "kind": "binary", "source": { "id": "kup9SZcgg13wnbXIW3GyJA==", "name": "openjdk-17-runtime-ubi8-container", "version": "1.23-4.1777859697", "kind": "source", "source": { "id": "", "name": "", "version": "", "normalized_version": "", "cpe": "" }, "normalized_version": "rhctag:1.23.0.0.0.0.0.0.0.0", "arch": "x86_64", "cpe": "" }, "normalized_version": "rhctag:1.23.0.0.0.0.0.0.0.0", "arch": "x86_64", "cpe": "" }, "r23nOnTJvuvXzj0P21ldlw==": { "id": "r23nOnTJvuvXzj0P21ldlw==", "name": "rpm-libs", "version": "4.14.3-32.el8_10", "kind": "binary", "source": { "id": "", "name": "rpm", "version": "4.14.3-32.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "rFsA2fU/SFo3JGOkxRURTQ==": { "id": "rFsA2fU/SFo3JGOkxRURTQ==", "name": "keyutils-libs", "version": "1.5.10-9.el8", "kind": "binary", "source": { "id": "", "name": "keyutils", "version": "1.5.10-9.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "sMrsZHOrW8FfprPHZo6Jww==": { "id": "sMrsZHOrW8FfprPHZo6Jww==", "name": "libmodulemd", "version": "2.13.0-1.el8", "kind": "binary", "source": { "id": "", "name": "libmodulemd", "version": "2.13.0-1.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "sUhkiUesE2DHTU1IF7t+tw==": { "id": "sUhkiUesE2DHTU1IF7t+tw==", "name": "platform-python-setuptools", "version": "39.2.0-9.el8_10", "kind": "binary", "source": { "id": "", "name": "python-setuptools", "version": "39.2.0-9.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "trIX86+UkjuJsaeYfHvnYw==": { "id": "trIX86+UkjuJsaeYfHvnYw==", "name": "libnghttp2", "version": "1.33.0-6.el8_10.2", "kind": "binary", "source": { "id": "", "name": "nghttp2", "version": "1.33.0-6.el8_10.2", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "u25cfo+Wn6RpzVY/kgcoGQ==": { "id": "u25cfo+Wn6RpzVY/kgcoGQ==", "name": "lksctp-tools", "version": "1.0.18-3.el8", "kind": "binary", "source": { "id": "", "name": "lksctp-tools", "version": "1.0.18-3.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "uAJuv5cA4XPhcDfjrdFI9w==": { "id": "uAJuv5cA4XPhcDfjrdFI9w==", "name": "javapackages-filesystem", "version": "5.3.0-1.module+el8+2447+6f56d9a6", "kind": "binary", "source": { "id": "", "name": "javapackages-tools", "version": "5.3.0-1.module+el8+2447+6f56d9a6", "kind": "source", "normalized_version": "", "module": "javapackages-runtime:201801", "cpe": "" }, "normalized_version": "", "module": "javapackages-runtime:201801", "arch": "noarch", "cpe": "" }, "uCw7c1p0VzVV36rFL2/j4Q==": { "id": "uCw7c1p0VzVV36rFL2/j4Q==", "name": "bzip2-libs", "version": "1.0.6-28.el8_10", "kind": "binary", "source": { "id": "", "name": "bzip2", "version": "1.0.6-28.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "v/KoDsdxOHqLHd7du8yyWQ==": { "id": "v/KoDsdxOHqLHd7du8yyWQ==", "name": "lua-libs", "version": "5.3.4-12.el8", "kind": "binary", "source": { "id": "", "name": "lua", "version": "5.3.4-12.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "wQNSAAyfpn1pixah4j5PmA==": { "id": "wQNSAAyfpn1pixah4j5PmA==", "name": "platform-python", "version": "3.6.8-76.el8_10", "kind": "binary", "source": { "id": "", "name": "python3", "version": "3.6.8-76.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "wQToP4WURQ4/A8LQU1k5kA==": { "id": "wQToP4WURQ4/A8LQU1k5kA==", "name": "langpacks-en", "version": "1.0-12.el8", "kind": "binary", "source": { "id": "", "name": "langpacks", "version": "1.0-12.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "wiX2z3C4urSDsP+bIajgNg==": { "id": "wiX2z3C4urSDsP+bIajgNg==", "name": "io.github.stuartwdouglas.hacbs-test.shaded:shaded-jdk11", "version": "1.9", "kind": "binary", "source": { "id": "", "name": "", "version": "", "normalized_version": "", "cpe": "" }, "normalized_version": "", "cpe": "" }, "wpJmhjYJz5TYuh0mbRPs4Q==": { "id": "wpJmhjYJz5TYuh0mbRPs4Q==", "name": "info", "version": "6.5-7.el8", "kind": "binary", "source": { "id": "", "name": "texinfo", "version": "6.5-7.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "xDLbw0lNdZ2pSj9R8k9t6A==": { "id": "xDLbw0lNdZ2pSj9R8k9t6A==", "name": "copy-jdk-configs", "version": "4.0-2.el8", "kind": "binary", "source": { "id": "", "name": "copy-jdk-configs", "version": "4.0-2.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "xTF9l16G3x26txeCsO9Bug==": { "id": "xTF9l16G3x26txeCsO9Bug==", "name": "json-glib", "version": "1.4.4-1.el8", "kind": "binary", "source": { "id": "", "name": "json-glib", "version": "1.4.4-1.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "xY/gcEds28iVWCynxOCw9g==": { "id": "xY/gcEds28iVWCynxOCw9g==", "name": "libcom_err", "version": "1.45.6-7.el8_10", "kind": "binary", "source": { "id": "", "name": "e2fsprogs", "version": "1.45.6-7.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "xvIYCTeML23osZxD1kFItQ==": { "id": "xvIYCTeML23osZxD1kFItQ==", "name": "lua", "version": "5.3.4-12.el8", "kind": "binary", "source": { "id": "", "name": "lua", "version": "5.3.4-12.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "zAReYdYoHUkp8wr8i3SW2g==": { "id": "zAReYdYoHUkp8wr8i3SW2g==", "name": "libffi", "version": "3.1-24.el8", "kind": "binary", "source": { "id": "", "name": "libffi", "version": "3.1-24.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "zdqdBY2jg/Zs374g8Ylc6g==": { "id": "zdqdBY2jg/Zs374g8Ylc6g==", "name": "libcap", "version": "2.48-6.el8_10.1", "kind": "binary", "source": { "id": "", "name": "libcap", "version": "2.48-6.el8_10.1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" } }, "distributions": { "930a20e9-3eef-4891-80e1-685cf4b68d6d": { "id": "930a20e9-3eef-4891-80e1-685cf4b68d6d", "did": "rhel", "name": "Red Hat Enterprise Linux Server", "version": "8", "version_code_name": "", "version_id": "8", "arch": "", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "pretty_name": "Red Hat Enterprise Linux Server 8" } }, "repository": { "1a5482f8-c378-4e92-ae78-ab911812eed8": { "id": "1a5482f8-c378-4e92-ae78-ab911812eed8", "name": "Red Hat Container Catalog", "uri": "https://catalog.redhat.com/software/containers/explore", "cpe": "" }, "5c6e0c21-59c5-4ec0-be52-72f9a6a07b2e": { "id": "5c6e0c21-59c5-4ec0-be52-72f9a6a07b2e", "name": "cpe:/a:redhat:enterprise_linux:8::appstream", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*" }, "a0f212b9-c973-45a2-b406-92951b7da66a": { "id": "a0f212b9-c973-45a2-b406-92951b7da66a", "name": "cpe:/a:redhat:enterprise_linux:8::appstream", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*" }, "b642ab3e-4559-4671-acb4-7d74dd794203": { "id": "b642ab3e-4559-4671-acb4-7d74dd794203", "name": "cpe:/o:redhat:enterprise_linux:8::baseos", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*" }, "e0137a61-5d9e-4462-80ce-a423c175a219": { "id": "e0137a61-5d9e-4462-80ce-a423c175a219", "name": "maven", "uri": "https://repo1.maven.apache.org/maven2", "cpe": "" }, "ed06f153-7455-428f-909b-119184b5cb5f": { "id": "ed06f153-7455-428f-909b-119184b5cb5f", "name": "cpe:/o:redhat:enterprise_linux:8::baseos", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*" } }, "environments": { "+XM+s3niWaEk1U5jnR5DpA==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "930a20e9-3eef-4891-80e1-685cf4b68d6d", "repository_ids": [ "5c6e0c21-59c5-4ec0-be52-72f9a6a07b2e", "ed06f153-7455-428f-909b-119184b5cb5f" ] } ], "+Xr7HyTxXf0c8jLaUyo3xA==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "930a20e9-3eef-4891-80e1-685cf4b68d6d", "repository_ids": [ "5c6e0c21-59c5-4ec0-be52-72f9a6a07b2e", "ed06f153-7455-428f-909b-119184b5cb5f" ] } ], "+hvIC0Et/RtHi7EAFCmfEw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "930a20e9-3eef-4891-80e1-685cf4b68d6d", "repository_ids": [ "5c6e0c21-59c5-4ec0-be52-72f9a6a07b2e", "ed06f153-7455-428f-909b-119184b5cb5f" ] } ], "+qrxjVH7Im8eBfrz4h4P/w==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:8dbc54dd3ba8deb60962e0faf1bcd1d23c09867cffbce92e091a1094578f09fc", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:8dbc54dd3ba8deb60962e0faf1bcd1d23c09867cffbce92e091a1094578f09fc", "distribution_id": "930a20e9-3eef-4891-80e1-685cf4b68d6d", "repository_ids": [ "b642ab3e-4559-4671-acb4-7d74dd794203", "a0f212b9-c973-45a2-b406-92951b7da66a" ] } ], "1gormAsAjMuks2JveQRd0Q==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "930a20e9-3eef-4891-80e1-685cf4b68d6d", "repository_ids": [ "5c6e0c21-59c5-4ec0-be52-72f9a6a07b2e", "ed06f153-7455-428f-909b-119184b5cb5f" ] } ], "22yBCZl99yVP86UHT7jTdw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "930a20e9-3eef-4891-80e1-685cf4b68d6d", "repository_ids": [ "5c6e0c21-59c5-4ec0-be52-72f9a6a07b2e", "ed06f153-7455-428f-909b-119184b5cb5f" ] } ], "2gKctomQ2vBMxlyAOjcc7g==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "930a20e9-3eef-4891-80e1-685cf4b68d6d", "repository_ids": [ "5c6e0c21-59c5-4ec0-be52-72f9a6a07b2e", "ed06f153-7455-428f-909b-119184b5cb5f" ] } ], "3+d+oaGDGj9g2+1RFZjY5A==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "930a20e9-3eef-4891-80e1-685cf4b68d6d", "repository_ids": [ "5c6e0c21-59c5-4ec0-be52-72f9a6a07b2e", "ed06f153-7455-428f-909b-119184b5cb5f" ] } ], "3OVNevSm98h4f1fmX4IZwQ==": [ { "package_db": "maven:deployments/hacbs-test.jar", "introduced_in": "sha256:2dde81f33a0abad2b73da4fcfdb2d7db4ac15dce7c4d627c6ebf138b31b81770", "distribution_id": "", "repository_ids": [ "e0137a61-5d9e-4462-80ce-a423c175a219" ] } ], "3jI2apoRMNGhHa141Q5dlQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "930a20e9-3eef-4891-80e1-685cf4b68d6d", "repository_ids": [ "5c6e0c21-59c5-4ec0-be52-72f9a6a07b2e", "ed06f153-7455-428f-909b-119184b5cb5f" ] } ], "3uSX4NgBxQvC8LEk48QoOQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "930a20e9-3eef-4891-80e1-685cf4b68d6d", "repository_ids": [ "5c6e0c21-59c5-4ec0-be52-72f9a6a07b2e", "ed06f153-7455-428f-909b-119184b5cb5f" ] } ], "45rvgYmy022Tx6fVWfking==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "930a20e9-3eef-4891-80e1-685cf4b68d6d", "repository_ids": [ "5c6e0c21-59c5-4ec0-be52-72f9a6a07b2e", "ed06f153-7455-428f-909b-119184b5cb5f" ] } ], "47OMpR7yEmE4lttsyWq3fw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "930a20e9-3eef-4891-80e1-685cf4b68d6d", "repository_ids": [ "5c6e0c21-59c5-4ec0-be52-72f9a6a07b2e", "ed06f153-7455-428f-909b-119184b5cb5f" ] } ], "4ZgMXaHDWnwPnqKlcJzEIw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "930a20e9-3eef-4891-80e1-685cf4b68d6d", "repository_ids": [ "5c6e0c21-59c5-4ec0-be52-72f9a6a07b2e", "ed06f153-7455-428f-909b-119184b5cb5f" ] } ], "4flTdmUV4iK1Ax+LXJm8qQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "930a20e9-3eef-4891-80e1-685cf4b68d6d", "repository_ids": [ "5c6e0c21-59c5-4ec0-be52-72f9a6a07b2e", "ed06f153-7455-428f-909b-119184b5cb5f" ] } ], "4mBaAtvqw4Xnt3KyHa6xnQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:8dbc54dd3ba8deb60962e0faf1bcd1d23c09867cffbce92e091a1094578f09fc", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:8dbc54dd3ba8deb60962e0faf1bcd1d23c09867cffbce92e091a1094578f09fc", "distribution_id": "930a20e9-3eef-4891-80e1-685cf4b68d6d", "repository_ids": [ "b642ab3e-4559-4671-acb4-7d74dd794203", "a0f212b9-c973-45a2-b406-92951b7da66a" ] } ], "4sG4bBloak5Sz907ZDRs6Q==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:8dbc54dd3ba8deb60962e0faf1bcd1d23c09867cffbce92e091a1094578f09fc", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:8dbc54dd3ba8deb60962e0faf1bcd1d23c09867cffbce92e091a1094578f09fc", "distribution_id": "930a20e9-3eef-4891-80e1-685cf4b68d6d", "repository_ids": [ "b642ab3e-4559-4671-acb4-7d74dd794203", "a0f212b9-c973-45a2-b406-92951b7da66a" ] } ], "5U8sNbKx0xZsaHcVt4MmxA==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "930a20e9-3eef-4891-80e1-685cf4b68d6d", "repository_ids": [ "5c6e0c21-59c5-4ec0-be52-72f9a6a07b2e", "ed06f153-7455-428f-909b-119184b5cb5f" ] } ], "67DLnC895xbDFuD3MGhCtQ==": [ { "package_db": "maven:deployments/hacbs-test.jar", "introduced_in": "sha256:2dde81f33a0abad2b73da4fcfdb2d7db4ac15dce7c4d627c6ebf138b31b81770", "distribution_id": "", "repository_ids": [ "e0137a61-5d9e-4462-80ce-a423c175a219" ] } ], "7eg89eCgA75bJ7WhhN/T4Q==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "930a20e9-3eef-4891-80e1-685cf4b68d6d", "repository_ids": [ "5c6e0c21-59c5-4ec0-be52-72f9a6a07b2e", "ed06f153-7455-428f-909b-119184b5cb5f" ] } ], "9uhqFNTCJ7/bpzSlc7qCaQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "930a20e9-3eef-4891-80e1-685cf4b68d6d", "repository_ids": [ "5c6e0c21-59c5-4ec0-be52-72f9a6a07b2e", "ed06f153-7455-428f-909b-119184b5cb5f" ] } ], "ACY3djwkey7ZIXbd0V+Giw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:8dbc54dd3ba8deb60962e0faf1bcd1d23c09867cffbce92e091a1094578f09fc", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:8dbc54dd3ba8deb60962e0faf1bcd1d23c09867cffbce92e091a1094578f09fc", "distribution_id": "930a20e9-3eef-4891-80e1-685cf4b68d6d", "repository_ids": [ "b642ab3e-4559-4671-acb4-7d74dd794203", "a0f212b9-c973-45a2-b406-92951b7da66a" ] } ], "AIs6pmCup5N9+6Ag6e2/og==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "930a20e9-3eef-4891-80e1-685cf4b68d6d", "repository_ids": [ "5c6e0c21-59c5-4ec0-be52-72f9a6a07b2e", "ed06f153-7455-428f-909b-119184b5cb5f" ] } ], "AuC6XQzcU/5tB4luIfjLFg==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "930a20e9-3eef-4891-80e1-685cf4b68d6d", "repository_ids": [ "5c6e0c21-59c5-4ec0-be52-72f9a6a07b2e", "ed06f153-7455-428f-909b-119184b5cb5f" ] } ], "AziZ1oGI+oDXVPzldKNj+w==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "930a20e9-3eef-4891-80e1-685cf4b68d6d", "repository_ids": [ "5c6e0c21-59c5-4ec0-be52-72f9a6a07b2e", "ed06f153-7455-428f-909b-119184b5cb5f" ] } ], "BPsD0kkdIoK3KQUZ5DpJjw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:8dbc54dd3ba8deb60962e0faf1bcd1d23c09867cffbce92e091a1094578f09fc", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:8dbc54dd3ba8deb60962e0faf1bcd1d23c09867cffbce92e091a1094578f09fc", "distribution_id": "930a20e9-3eef-4891-80e1-685cf4b68d6d", "repository_ids": [ "b642ab3e-4559-4671-acb4-7d74dd794203", "a0f212b9-c973-45a2-b406-92951b7da66a" ] } ], "BmK1zIjr5KsuOODCYwxRCw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "930a20e9-3eef-4891-80e1-685cf4b68d6d", "repository_ids": [ "5c6e0c21-59c5-4ec0-be52-72f9a6a07b2e", "ed06f153-7455-428f-909b-119184b5cb5f" ] } ], "CP6fmHsRon29d9dGmAC8yQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:8dbc54dd3ba8deb60962e0faf1bcd1d23c09867cffbce92e091a1094578f09fc", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:8dbc54dd3ba8deb60962e0faf1bcd1d23c09867cffbce92e091a1094578f09fc", "distribution_id": "930a20e9-3eef-4891-80e1-685cf4b68d6d", "repository_ids": [ "b642ab3e-4559-4671-acb4-7d74dd794203", "a0f212b9-c973-45a2-b406-92951b7da66a" ] } ], "CbqHQON08ZsUvPS9XDaTFA==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "930a20e9-3eef-4891-80e1-685cf4b68d6d", "repository_ids": [ "5c6e0c21-59c5-4ec0-be52-72f9a6a07b2e", "ed06f153-7455-428f-909b-119184b5cb5f" ] } ], "Cklbj7Y2kf3vqxqc0m1GHQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "930a20e9-3eef-4891-80e1-685cf4b68d6d", "repository_ids": [ "5c6e0c21-59c5-4ec0-be52-72f9a6a07b2e", "ed06f153-7455-428f-909b-119184b5cb5f" ] } ], "D/ASdBsgxLNlG5Q8U7UPsQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "930a20e9-3eef-4891-80e1-685cf4b68d6d", "repository_ids": [ "5c6e0c21-59c5-4ec0-be52-72f9a6a07b2e", "ed06f153-7455-428f-909b-119184b5cb5f" ] } ], "D9iJYSwBt2n6JCuuNo2fKg==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "930a20e9-3eef-4891-80e1-685cf4b68d6d", "repository_ids": [ "5c6e0c21-59c5-4ec0-be52-72f9a6a07b2e", "ed06f153-7455-428f-909b-119184b5cb5f" ] } ], "DV119Dw0W4RdsbJkdoHU9w==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "930a20e9-3eef-4891-80e1-685cf4b68d6d", "repository_ids": [ "5c6e0c21-59c5-4ec0-be52-72f9a6a07b2e", "ed06f153-7455-428f-909b-119184b5cb5f" ] } ], "DgyhtZBcSIlVmY6xC8s1mA==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "930a20e9-3eef-4891-80e1-685cf4b68d6d", "repository_ids": [ "5c6e0c21-59c5-4ec0-be52-72f9a6a07b2e", "ed06f153-7455-428f-909b-119184b5cb5f" ] } ], "Dmgfuk4/ZGW2Pjrf3pzOwg==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:8dbc54dd3ba8deb60962e0faf1bcd1d23c09867cffbce92e091a1094578f09fc", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:8dbc54dd3ba8deb60962e0faf1bcd1d23c09867cffbce92e091a1094578f09fc", "distribution_id": "930a20e9-3eef-4891-80e1-685cf4b68d6d", "repository_ids": [ "b642ab3e-4559-4671-acb4-7d74dd794203", "a0f212b9-c973-45a2-b406-92951b7da66a" ] } ], "EiNiLT8ulizCzEWcybhizQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "930a20e9-3eef-4891-80e1-685cf4b68d6d", "repository_ids": [ "5c6e0c21-59c5-4ec0-be52-72f9a6a07b2e", "ed06f153-7455-428f-909b-119184b5cb5f" ] } ], "F7AOP7tK5AfUXV1g9iTzFA==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "930a20e9-3eef-4891-80e1-685cf4b68d6d", "repository_ids": [ "5c6e0c21-59c5-4ec0-be52-72f9a6a07b2e", "ed06f153-7455-428f-909b-119184b5cb5f" ] } ], "FS5/DAbDsXWURU9onlACPA==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:8dbc54dd3ba8deb60962e0faf1bcd1d23c09867cffbce92e091a1094578f09fc", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:8dbc54dd3ba8deb60962e0faf1bcd1d23c09867cffbce92e091a1094578f09fc", "distribution_id": "930a20e9-3eef-4891-80e1-685cf4b68d6d", "repository_ids": [ "b642ab3e-4559-4671-acb4-7d74dd794203", "a0f212b9-c973-45a2-b406-92951b7da66a" ] } ], "G+gX+j4AbiCorxKiF1UojA==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "930a20e9-3eef-4891-80e1-685cf4b68d6d", "repository_ids": [ "5c6e0c21-59c5-4ec0-be52-72f9a6a07b2e", "ed06f153-7455-428f-909b-119184b5cb5f" ] } ], "GLKhGblbPbPbtDKwfpCv5A==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "930a20e9-3eef-4891-80e1-685cf4b68d6d", "repository_ids": [ "5c6e0c21-59c5-4ec0-be52-72f9a6a07b2e", "ed06f153-7455-428f-909b-119184b5cb5f" ] } ], "Gg1Q6hponuT1eSJHwaJ83w==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "930a20e9-3eef-4891-80e1-685cf4b68d6d", "repository_ids": [ "5c6e0c21-59c5-4ec0-be52-72f9a6a07b2e", "ed06f153-7455-428f-909b-119184b5cb5f" ] } ], "HMIoZ/TKrKhxI1rD26qmpw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "930a20e9-3eef-4891-80e1-685cf4b68d6d", "repository_ids": [ "5c6e0c21-59c5-4ec0-be52-72f9a6a07b2e", "ed06f153-7455-428f-909b-119184b5cb5f" ] } ], "IzLcxZDtcvtJR5Gwdq9HDg==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "930a20e9-3eef-4891-80e1-685cf4b68d6d", "repository_ids": [ "5c6e0c21-59c5-4ec0-be52-72f9a6a07b2e", "ed06f153-7455-428f-909b-119184b5cb5f" ] } ], "J34PJ2GThOWZuKVgFIoieA==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "930a20e9-3eef-4891-80e1-685cf4b68d6d", "repository_ids": [ "5c6e0c21-59c5-4ec0-be52-72f9a6a07b2e", "ed06f153-7455-428f-909b-119184b5cb5f" ] } ], "JNDNKhJbFTSevs7EALfE9A==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "930a20e9-3eef-4891-80e1-685cf4b68d6d", "repository_ids": [ "5c6e0c21-59c5-4ec0-be52-72f9a6a07b2e", "ed06f153-7455-428f-909b-119184b5cb5f" ] } ], "KYSXsdsObSOPb3/iOOdbDw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:8dbc54dd3ba8deb60962e0faf1bcd1d23c09867cffbce92e091a1094578f09fc", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:8dbc54dd3ba8deb60962e0faf1bcd1d23c09867cffbce92e091a1094578f09fc", "distribution_id": "930a20e9-3eef-4891-80e1-685cf4b68d6d", "repository_ids": [ "b642ab3e-4559-4671-acb4-7d74dd794203", "a0f212b9-c973-45a2-b406-92951b7da66a" ] } ], "LXiVkIlXLq/usMYIwCTH8Q==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "930a20e9-3eef-4891-80e1-685cf4b68d6d", "repository_ids": [ "5c6e0c21-59c5-4ec0-be52-72f9a6a07b2e", "ed06f153-7455-428f-909b-119184b5cb5f" ] } ], "LkoLKEri5dIAb0vFMkSOag==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "930a20e9-3eef-4891-80e1-685cf4b68d6d", "repository_ids": [ "5c6e0c21-59c5-4ec0-be52-72f9a6a07b2e", "ed06f153-7455-428f-909b-119184b5cb5f" ] } ], "MA5xnJmwv4AJZhc2768UiA==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "930a20e9-3eef-4891-80e1-685cf4b68d6d", "repository_ids": [ "5c6e0c21-59c5-4ec0-be52-72f9a6a07b2e", "ed06f153-7455-428f-909b-119184b5cb5f" ] } ], "N1RbIRo2SyHosQefv+skDw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "930a20e9-3eef-4891-80e1-685cf4b68d6d", "repository_ids": [ "5c6e0c21-59c5-4ec0-be52-72f9a6a07b2e", "ed06f153-7455-428f-909b-119184b5cb5f" ] } ], "N3ZaMrNJKoumMpaY0smlMQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "930a20e9-3eef-4891-80e1-685cf4b68d6d", "repository_ids": [ "5c6e0c21-59c5-4ec0-be52-72f9a6a07b2e", "ed06f153-7455-428f-909b-119184b5cb5f" ] } ], "N5EuVcX6TPHBo7OPtax5uA==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:8dbc54dd3ba8deb60962e0faf1bcd1d23c09867cffbce92e091a1094578f09fc", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:8dbc54dd3ba8deb60962e0faf1bcd1d23c09867cffbce92e091a1094578f09fc", "distribution_id": "930a20e9-3eef-4891-80e1-685cf4b68d6d", "repository_ids": [ "b642ab3e-4559-4671-acb4-7d74dd794203", "a0f212b9-c973-45a2-b406-92951b7da66a" ] } ], "NJbhst8VIOwst++ZzRP6tA==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "930a20e9-3eef-4891-80e1-685cf4b68d6d", "repository_ids": [ "5c6e0c21-59c5-4ec0-be52-72f9a6a07b2e", "ed06f153-7455-428f-909b-119184b5cb5f" ] } ], "NguWV8S6YQYvQsGQDJm2Rg==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "930a20e9-3eef-4891-80e1-685cf4b68d6d", "repository_ids": [ "5c6e0c21-59c5-4ec0-be52-72f9a6a07b2e", "ed06f153-7455-428f-909b-119184b5cb5f" ] } ], "NsvPyDc//39XTuXcn3j2uQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:8dbc54dd3ba8deb60962e0faf1bcd1d23c09867cffbce92e091a1094578f09fc", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:8dbc54dd3ba8deb60962e0faf1bcd1d23c09867cffbce92e091a1094578f09fc", "distribution_id": "930a20e9-3eef-4891-80e1-685cf4b68d6d", "repository_ids": [ "b642ab3e-4559-4671-acb4-7d74dd794203", "a0f212b9-c973-45a2-b406-92951b7da66a" ] } ], "ORsDK2A5479NPB0r01PoXQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "930a20e9-3eef-4891-80e1-685cf4b68d6d", "repository_ids": [ "5c6e0c21-59c5-4ec0-be52-72f9a6a07b2e", "ed06f153-7455-428f-909b-119184b5cb5f" ] } ], "P5Se4zJpr8ZUwZNUojfuzA==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "930a20e9-3eef-4891-80e1-685cf4b68d6d", "repository_ids": [ "5c6e0c21-59c5-4ec0-be52-72f9a6a07b2e", "ed06f153-7455-428f-909b-119184b5cb5f" ] } ], "P5UTXxqhA6R98OWY7h85rQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "930a20e9-3eef-4891-80e1-685cf4b68d6d", "repository_ids": [ "5c6e0c21-59c5-4ec0-be52-72f9a6a07b2e", "ed06f153-7455-428f-909b-119184b5cb5f" ] } ], "PYGQE1Mr52aqIP4tEB4VSw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:8dbc54dd3ba8deb60962e0faf1bcd1d23c09867cffbce92e091a1094578f09fc", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:8dbc54dd3ba8deb60962e0faf1bcd1d23c09867cffbce92e091a1094578f09fc", "distribution_id": "930a20e9-3eef-4891-80e1-685cf4b68d6d", "repository_ids": [ "b642ab3e-4559-4671-acb4-7d74dd794203", "a0f212b9-c973-45a2-b406-92951b7da66a" ] } ], "Q0uPb/t/3IQ8GEwlv/J3Cw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "930a20e9-3eef-4891-80e1-685cf4b68d6d", "repository_ids": [ "5c6e0c21-59c5-4ec0-be52-72f9a6a07b2e", "ed06f153-7455-428f-909b-119184b5cb5f" ] } ], "QC6e3OaV78mjs678tGU2KQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "930a20e9-3eef-4891-80e1-685cf4b68d6d", "repository_ids": [ "5c6e0c21-59c5-4ec0-be52-72f9a6a07b2e", "ed06f153-7455-428f-909b-119184b5cb5f" ] } ], "QXEDMSZisv5SUXtJo7Fs5g==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "930a20e9-3eef-4891-80e1-685cf4b68d6d", "repository_ids": [ "5c6e0c21-59c5-4ec0-be52-72f9a6a07b2e", "ed06f153-7455-428f-909b-119184b5cb5f" ] } ], "RKXYZTbYgViwzC05uqeDSg==": [ { "package_db": "maven:deployments/hacbs-test.jar", "introduced_in": "sha256:2dde81f33a0abad2b73da4fcfdb2d7db4ac15dce7c4d627c6ebf138b31b81770", "distribution_id": "", "repository_ids": [ "e0137a61-5d9e-4462-80ce-a423c175a219" ] } ], "RRWuvyUdhwGbBo2a/Ra1hw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "930a20e9-3eef-4891-80e1-685cf4b68d6d", "repository_ids": [ "5c6e0c21-59c5-4ec0-be52-72f9a6a07b2e", "ed06f153-7455-428f-909b-119184b5cb5f" ] } ], "RtrzwDgrQgu9S5B72s2sww==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "930a20e9-3eef-4891-80e1-685cf4b68d6d", "repository_ids": [ "5c6e0c21-59c5-4ec0-be52-72f9a6a07b2e", "ed06f153-7455-428f-909b-119184b5cb5f" ] } ], "TARQvmsLVC/S1fQD1jO4Xw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:8dbc54dd3ba8deb60962e0faf1bcd1d23c09867cffbce92e091a1094578f09fc", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:8dbc54dd3ba8deb60962e0faf1bcd1d23c09867cffbce92e091a1094578f09fc", "distribution_id": "930a20e9-3eef-4891-80e1-685cf4b68d6d", "repository_ids": [ "b642ab3e-4559-4671-acb4-7d74dd794203", "a0f212b9-c973-45a2-b406-92951b7da66a" ] } ], "U3ZkYu9FoEzQITrVBlQtLA==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "930a20e9-3eef-4891-80e1-685cf4b68d6d", "repository_ids": [ "5c6e0c21-59c5-4ec0-be52-72f9a6a07b2e", "ed06f153-7455-428f-909b-119184b5cb5f" ] } ], "USWNn71p+k059dbiu5HDEA==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "930a20e9-3eef-4891-80e1-685cf4b68d6d", "repository_ids": [ "5c6e0c21-59c5-4ec0-be52-72f9a6a07b2e", "ed06f153-7455-428f-909b-119184b5cb5f" ] } ], "UUZyda9G/ffvF6rJ5W1UnQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "930a20e9-3eef-4891-80e1-685cf4b68d6d", "repository_ids": [ "5c6e0c21-59c5-4ec0-be52-72f9a6a07b2e", "ed06f153-7455-428f-909b-119184b5cb5f" ] } ], "Vax934M9zGbzjdT3Y/XU9w==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "930a20e9-3eef-4891-80e1-685cf4b68d6d", "repository_ids": [ "5c6e0c21-59c5-4ec0-be52-72f9a6a07b2e", "ed06f153-7455-428f-909b-119184b5cb5f" ] } ], "VrCmPwuY69qW5jl9ctxOZg==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:8dbc54dd3ba8deb60962e0faf1bcd1d23c09867cffbce92e091a1094578f09fc", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:8dbc54dd3ba8deb60962e0faf1bcd1d23c09867cffbce92e091a1094578f09fc", "distribution_id": "930a20e9-3eef-4891-80e1-685cf4b68d6d", "repository_ids": [ "b642ab3e-4559-4671-acb4-7d74dd794203", "a0f212b9-c973-45a2-b406-92951b7da66a" ] } ], "W66WOQ3v6r7mSn6+o7gaew==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "930a20e9-3eef-4891-80e1-685cf4b68d6d", "repository_ids": [ "5c6e0c21-59c5-4ec0-be52-72f9a6a07b2e", "ed06f153-7455-428f-909b-119184b5cb5f" ] } ], "YjDcGmvP0/z8VqRiUvkhOQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "930a20e9-3eef-4891-80e1-685cf4b68d6d", "repository_ids": [ "5c6e0c21-59c5-4ec0-be52-72f9a6a07b2e", "ed06f153-7455-428f-909b-119184b5cb5f" ] } ], "Za0y7YiKRidyIBZNIzq/Ng==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "930a20e9-3eef-4891-80e1-685cf4b68d6d", "repository_ids": [ "5c6e0c21-59c5-4ec0-be52-72f9a6a07b2e", "ed06f153-7455-428f-909b-119184b5cb5f" ] } ], "ar0do80Wlk1FaVvtx66g6Q==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "930a20e9-3eef-4891-80e1-685cf4b68d6d", "repository_ids": [ "5c6e0c21-59c5-4ec0-be52-72f9a6a07b2e", "ed06f153-7455-428f-909b-119184b5cb5f" ] } ], "auI8KtI6OozP7EAIr9UlQQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "930a20e9-3eef-4891-80e1-685cf4b68d6d", "repository_ids": [ "5c6e0c21-59c5-4ec0-be52-72f9a6a07b2e", "ed06f153-7455-428f-909b-119184b5cb5f" ] } ], "bWUdPEYmtshwdmuX5VapfQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "930a20e9-3eef-4891-80e1-685cf4b68d6d", "repository_ids": [ "5c6e0c21-59c5-4ec0-be52-72f9a6a07b2e", "ed06f153-7455-428f-909b-119184b5cb5f" ] } ], "bmxL3lydQy0yU8g1iBgovg==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "930a20e9-3eef-4891-80e1-685cf4b68d6d", "repository_ids": [ "5c6e0c21-59c5-4ec0-be52-72f9a6a07b2e", "ed06f153-7455-428f-909b-119184b5cb5f" ] } ], "cXCMP7NdkMDf1+Rb1IEktQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:8dbc54dd3ba8deb60962e0faf1bcd1d23c09867cffbce92e091a1094578f09fc", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:8dbc54dd3ba8deb60962e0faf1bcd1d23c09867cffbce92e091a1094578f09fc", "distribution_id": "930a20e9-3eef-4891-80e1-685cf4b68d6d", "repository_ids": [ "b642ab3e-4559-4671-acb4-7d74dd794203", "a0f212b9-c973-45a2-b406-92951b7da66a" ] } ], "dOBT1Qffq44NOVuk9chDyg==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "930a20e9-3eef-4891-80e1-685cf4b68d6d", "repository_ids": [ "5c6e0c21-59c5-4ec0-be52-72f9a6a07b2e", "ed06f153-7455-428f-909b-119184b5cb5f" ] } ], "dOwQwVL1NxmF6ouACZklrQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "930a20e9-3eef-4891-80e1-685cf4b68d6d", "repository_ids": [ "5c6e0c21-59c5-4ec0-be52-72f9a6a07b2e", "ed06f153-7455-428f-909b-119184b5cb5f" ] } ], "dSjxsaDISLUiFwRTCSO8Tg==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "930a20e9-3eef-4891-80e1-685cf4b68d6d", "repository_ids": [ "5c6e0c21-59c5-4ec0-be52-72f9a6a07b2e", "ed06f153-7455-428f-909b-119184b5cb5f" ] } ], "dtGaxafuhIU1Ppty914fJw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:8dbc54dd3ba8deb60962e0faf1bcd1d23c09867cffbce92e091a1094578f09fc", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:8dbc54dd3ba8deb60962e0faf1bcd1d23c09867cffbce92e091a1094578f09fc", "distribution_id": "930a20e9-3eef-4891-80e1-685cf4b68d6d", "repository_ids": [ "b642ab3e-4559-4671-acb4-7d74dd794203", "a0f212b9-c973-45a2-b406-92951b7da66a" ] } ], "eZ7CwFvwDCQu4vzKyuIZgA==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "930a20e9-3eef-4891-80e1-685cf4b68d6d", "repository_ids": [ "5c6e0c21-59c5-4ec0-be52-72f9a6a07b2e", "ed06f153-7455-428f-909b-119184b5cb5f" ] } ], "f/Al/eNlUhjEgKSV0J2z7w==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:8dbc54dd3ba8deb60962e0faf1bcd1d23c09867cffbce92e091a1094578f09fc", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:8dbc54dd3ba8deb60962e0faf1bcd1d23c09867cffbce92e091a1094578f09fc", "distribution_id": "930a20e9-3eef-4891-80e1-685cf4b68d6d", "repository_ids": [ "b642ab3e-4559-4671-acb4-7d74dd794203", "a0f212b9-c973-45a2-b406-92951b7da66a" ] } ], "f1lteJj1IxLDbDb+BI8yjg==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "930a20e9-3eef-4891-80e1-685cf4b68d6d", "repository_ids": [ "5c6e0c21-59c5-4ec0-be52-72f9a6a07b2e", "ed06f153-7455-428f-909b-119184b5cb5f" ] } ], "g146nKetkX1f4hfH1b5RWA==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "930a20e9-3eef-4891-80e1-685cf4b68d6d", "repository_ids": [ "5c6e0c21-59c5-4ec0-be52-72f9a6a07b2e", "ed06f153-7455-428f-909b-119184b5cb5f" ] } ], "gMqsUnRclTj6iuxHCslNRA==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "930a20e9-3eef-4891-80e1-685cf4b68d6d", "repository_ids": [ "5c6e0c21-59c5-4ec0-be52-72f9a6a07b2e", "ed06f153-7455-428f-909b-119184b5cb5f" ] } ], "gOaN4treTmKK7tU+N6AZ1w==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "930a20e9-3eef-4891-80e1-685cf4b68d6d", "repository_ids": [ "5c6e0c21-59c5-4ec0-be52-72f9a6a07b2e", "ed06f153-7455-428f-909b-119184b5cb5f" ] } ], "gtbMsmX05ZWh+bkM1Wprlw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "930a20e9-3eef-4891-80e1-685cf4b68d6d", "repository_ids": [ "5c6e0c21-59c5-4ec0-be52-72f9a6a07b2e", "ed06f153-7455-428f-909b-119184b5cb5f" ] } ], "h53SWWmMQUh4cLyBmYeNvw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:8dbc54dd3ba8deb60962e0faf1bcd1d23c09867cffbce92e091a1094578f09fc", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:8dbc54dd3ba8deb60962e0faf1bcd1d23c09867cffbce92e091a1094578f09fc", "distribution_id": "930a20e9-3eef-4891-80e1-685cf4b68d6d", "repository_ids": [ "b642ab3e-4559-4671-acb4-7d74dd794203", "a0f212b9-c973-45a2-b406-92951b7da66a" ] } ], "hSTTMcRX1DBcXc+8jKeg3Q==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "930a20e9-3eef-4891-80e1-685cf4b68d6d", "repository_ids": [ "5c6e0c21-59c5-4ec0-be52-72f9a6a07b2e", "ed06f153-7455-428f-909b-119184b5cb5f" ] } ], "hcJqCsCpWm+XI9JT6ImS5g==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "930a20e9-3eef-4891-80e1-685cf4b68d6d", "repository_ids": [ "5c6e0c21-59c5-4ec0-be52-72f9a6a07b2e", "ed06f153-7455-428f-909b-119184b5cb5f" ] } ], "iKjky3d+XDnwdlXfvLvp/A==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:8dbc54dd3ba8deb60962e0faf1bcd1d23c09867cffbce92e091a1094578f09fc", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:8dbc54dd3ba8deb60962e0faf1bcd1d23c09867cffbce92e091a1094578f09fc", "distribution_id": "930a20e9-3eef-4891-80e1-685cf4b68d6d", "repository_ids": [ "b642ab3e-4559-4671-acb4-7d74dd794203", "a0f212b9-c973-45a2-b406-92951b7da66a" ] } ], "isPl2YxnCTfcLmUYH6Q0sA==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "930a20e9-3eef-4891-80e1-685cf4b68d6d", "repository_ids": [ "5c6e0c21-59c5-4ec0-be52-72f9a6a07b2e", "ed06f153-7455-428f-909b-119184b5cb5f" ] } ], "j5YRt82iOHry4ndSyCLgaA==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:8dbc54dd3ba8deb60962e0faf1bcd1d23c09867cffbce92e091a1094578f09fc", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:8dbc54dd3ba8deb60962e0faf1bcd1d23c09867cffbce92e091a1094578f09fc", "distribution_id": "930a20e9-3eef-4891-80e1-685cf4b68d6d", "repository_ids": [ "b642ab3e-4559-4671-acb4-7d74dd794203", "a0f212b9-c973-45a2-b406-92951b7da66a" ] } ], "jmNxyfDM4IV/F4mrfNTfyg==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "930a20e9-3eef-4891-80e1-685cf4b68d6d", "repository_ids": [ "5c6e0c21-59c5-4ec0-be52-72f9a6a07b2e", "ed06f153-7455-428f-909b-119184b5cb5f" ] } ], "jtdCxL/eH5JTPcKstKunJg==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "930a20e9-3eef-4891-80e1-685cf4b68d6d", "repository_ids": [ "5c6e0c21-59c5-4ec0-be52-72f9a6a07b2e", "ed06f153-7455-428f-909b-119184b5cb5f" ] } ], "k/BpvWmZ5EVfmiPqpZ3pGw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:8dbc54dd3ba8deb60962e0faf1bcd1d23c09867cffbce92e091a1094578f09fc", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:8dbc54dd3ba8deb60962e0faf1bcd1d23c09867cffbce92e091a1094578f09fc", "distribution_id": "930a20e9-3eef-4891-80e1-685cf4b68d6d", "repository_ids": [ "b642ab3e-4559-4671-acb4-7d74dd794203", "a0f212b9-c973-45a2-b406-92951b7da66a" ] } ], "k4gCNgIfg7MM/e42ThRx2w==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "930a20e9-3eef-4891-80e1-685cf4b68d6d", "repository_ids": [ "5c6e0c21-59c5-4ec0-be52-72f9a6a07b2e", "ed06f153-7455-428f-909b-119184b5cb5f" ] } ], "kup9SZcgg13wnbXIW3GyJA==": [ { "package_db": "root/buildinfo/Dockerfile-ubi8-openjdk-17-runtime-1.23-4.1777859697", "introduced_in": "sha256:8dbc54dd3ba8deb60962e0faf1bcd1d23c09867cffbce92e091a1094578f09fc", "distribution_id": "", "repository_ids": [ "1a5482f8-c378-4e92-ae78-ab911812eed8", "1a5482f8-c378-4e92-ae78-ab911812eed8" ] } ], "kwc9NYOQig+qWs5qmBRL/w==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "930a20e9-3eef-4891-80e1-685cf4b68d6d", "repository_ids": [ "5c6e0c21-59c5-4ec0-be52-72f9a6a07b2e", "ed06f153-7455-428f-909b-119184b5cb5f" ] } ], "lEFbOzBTlWwCqC/ZbjJfgQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:8dbc54dd3ba8deb60962e0faf1bcd1d23c09867cffbce92e091a1094578f09fc", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:8dbc54dd3ba8deb60962e0faf1bcd1d23c09867cffbce92e091a1094578f09fc", "distribution_id": "930a20e9-3eef-4891-80e1-685cf4b68d6d", "repository_ids": [ "b642ab3e-4559-4671-acb4-7d74dd794203", "a0f212b9-c973-45a2-b406-92951b7da66a" ] } ], "lU0MYRg2dg5wynl2dMGsgA==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "930a20e9-3eef-4891-80e1-685cf4b68d6d", "repository_ids": [ "5c6e0c21-59c5-4ec0-be52-72f9a6a07b2e", "ed06f153-7455-428f-909b-119184b5cb5f" ] } ], "mAmp7BtGrfzV0HnAKw9sTw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "930a20e9-3eef-4891-80e1-685cf4b68d6d", "repository_ids": [ "5c6e0c21-59c5-4ec0-be52-72f9a6a07b2e", "ed06f153-7455-428f-909b-119184b5cb5f" ] } ], "mLwCNKs2wEtLWAiibtR4BQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "930a20e9-3eef-4891-80e1-685cf4b68d6d", "repository_ids": [ "5c6e0c21-59c5-4ec0-be52-72f9a6a07b2e", "ed06f153-7455-428f-909b-119184b5cb5f" ] } ], "mkpeQMTn6iNiF+ShBe+oZg==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "930a20e9-3eef-4891-80e1-685cf4b68d6d", "repository_ids": [ "5c6e0c21-59c5-4ec0-be52-72f9a6a07b2e", "ed06f153-7455-428f-909b-119184b5cb5f" ] } ], "mtrWxjnWyzrIFOuHVeUG6g==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:8dbc54dd3ba8deb60962e0faf1bcd1d23c09867cffbce92e091a1094578f09fc", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:8dbc54dd3ba8deb60962e0faf1bcd1d23c09867cffbce92e091a1094578f09fc", "distribution_id": "930a20e9-3eef-4891-80e1-685cf4b68d6d", "repository_ids": [ "b642ab3e-4559-4671-acb4-7d74dd794203", "a0f212b9-c973-45a2-b406-92951b7da66a" ] } ], "nDtLoMnkuhspYDn7NZEcjw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:8dbc54dd3ba8deb60962e0faf1bcd1d23c09867cffbce92e091a1094578f09fc", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:8dbc54dd3ba8deb60962e0faf1bcd1d23c09867cffbce92e091a1094578f09fc", "distribution_id": "930a20e9-3eef-4891-80e1-685cf4b68d6d", "repository_ids": [ "b642ab3e-4559-4671-acb4-7d74dd794203", "a0f212b9-c973-45a2-b406-92951b7da66a" ] } ], "o4v1nyEgxKUJdf78CSzLEg==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "930a20e9-3eef-4891-80e1-685cf4b68d6d", "repository_ids": [ "5c6e0c21-59c5-4ec0-be52-72f9a6a07b2e", "ed06f153-7455-428f-909b-119184b5cb5f" ] } ], "oPxhGBL0xk+N4XwwxvflAQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "930a20e9-3eef-4891-80e1-685cf4b68d6d", "repository_ids": [ "5c6e0c21-59c5-4ec0-be52-72f9a6a07b2e", "ed06f153-7455-428f-909b-119184b5cb5f" ] } ], "oSDtB9GflLljTYeOAikyIQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "930a20e9-3eef-4891-80e1-685cf4b68d6d", "repository_ids": [ "5c6e0c21-59c5-4ec0-be52-72f9a6a07b2e", "ed06f153-7455-428f-909b-119184b5cb5f" ] } ], "oUYls//IDfQ4QSLGKlUoZg==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "930a20e9-3eef-4891-80e1-685cf4b68d6d", "repository_ids": [ "5c6e0c21-59c5-4ec0-be52-72f9a6a07b2e", "ed06f153-7455-428f-909b-119184b5cb5f" ] } ], "p9tXHgTBVU/b3sTnwfubzg==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "930a20e9-3eef-4891-80e1-685cf4b68d6d", "repository_ids": [ "5c6e0c21-59c5-4ec0-be52-72f9a6a07b2e", "ed06f153-7455-428f-909b-119184b5cb5f" ] } ], "pY2NT/GP1UxyOuAl2rKgCw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "930a20e9-3eef-4891-80e1-685cf4b68d6d", "repository_ids": [ "5c6e0c21-59c5-4ec0-be52-72f9a6a07b2e", "ed06f153-7455-428f-909b-119184b5cb5f" ] } ], "peUaHHW4E9Y6Nd8+gJR5cQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "930a20e9-3eef-4891-80e1-685cf4b68d6d", "repository_ids": [ "5c6e0c21-59c5-4ec0-be52-72f9a6a07b2e", "ed06f153-7455-428f-909b-119184b5cb5f" ] } ], "pp9zZ0tBoevZ/s15eFRL8g==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "930a20e9-3eef-4891-80e1-685cf4b68d6d", "repository_ids": [ "5c6e0c21-59c5-4ec0-be52-72f9a6a07b2e", "ed06f153-7455-428f-909b-119184b5cb5f" ] } ], "q4X/5GGPJSNoqWY61ewdVA==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:8dbc54dd3ba8deb60962e0faf1bcd1d23c09867cffbce92e091a1094578f09fc", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:8dbc54dd3ba8deb60962e0faf1bcd1d23c09867cffbce92e091a1094578f09fc", "distribution_id": "930a20e9-3eef-4891-80e1-685cf4b68d6d", "repository_ids": [ "b642ab3e-4559-4671-acb4-7d74dd794203", "a0f212b9-c973-45a2-b406-92951b7da66a" ] } ], "qdszmGofYYLyezIthPq1jw==": [ { "package_db": "root/buildinfo/Dockerfile-ubi8-openjdk-17-runtime-1.23-4.1777859697", "introduced_in": "sha256:8dbc54dd3ba8deb60962e0faf1bcd1d23c09867cffbce92e091a1094578f09fc", "distribution_id": "", "repository_ids": [ "1a5482f8-c378-4e92-ae78-ab911812eed8", "1a5482f8-c378-4e92-ae78-ab911812eed8" ] } ], "r23nOnTJvuvXzj0P21ldlw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "930a20e9-3eef-4891-80e1-685cf4b68d6d", "repository_ids": [ "5c6e0c21-59c5-4ec0-be52-72f9a6a07b2e", "ed06f153-7455-428f-909b-119184b5cb5f" ] } ], "rFsA2fU/SFo3JGOkxRURTQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "930a20e9-3eef-4891-80e1-685cf4b68d6d", "repository_ids": [ "5c6e0c21-59c5-4ec0-be52-72f9a6a07b2e", "ed06f153-7455-428f-909b-119184b5cb5f" ] } ], "sMrsZHOrW8FfprPHZo6Jww==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "930a20e9-3eef-4891-80e1-685cf4b68d6d", "repository_ids": [ "5c6e0c21-59c5-4ec0-be52-72f9a6a07b2e", "ed06f153-7455-428f-909b-119184b5cb5f" ] } ], "sUhkiUesE2DHTU1IF7t+tw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:8dbc54dd3ba8deb60962e0faf1bcd1d23c09867cffbce92e091a1094578f09fc", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:8dbc54dd3ba8deb60962e0faf1bcd1d23c09867cffbce92e091a1094578f09fc", "distribution_id": "930a20e9-3eef-4891-80e1-685cf4b68d6d", "repository_ids": [ "b642ab3e-4559-4671-acb4-7d74dd794203", "a0f212b9-c973-45a2-b406-92951b7da66a" ] } ], "trIX86+UkjuJsaeYfHvnYw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "930a20e9-3eef-4891-80e1-685cf4b68d6d", "repository_ids": [ "5c6e0c21-59c5-4ec0-be52-72f9a6a07b2e", "ed06f153-7455-428f-909b-119184b5cb5f" ] } ], "u25cfo+Wn6RpzVY/kgcoGQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:8dbc54dd3ba8deb60962e0faf1bcd1d23c09867cffbce92e091a1094578f09fc", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:8dbc54dd3ba8deb60962e0faf1bcd1d23c09867cffbce92e091a1094578f09fc", "distribution_id": "930a20e9-3eef-4891-80e1-685cf4b68d6d", "repository_ids": [ "b642ab3e-4559-4671-acb4-7d74dd794203", "a0f212b9-c973-45a2-b406-92951b7da66a" ] } ], "uAJuv5cA4XPhcDfjrdFI9w==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:8dbc54dd3ba8deb60962e0faf1bcd1d23c09867cffbce92e091a1094578f09fc", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:8dbc54dd3ba8deb60962e0faf1bcd1d23c09867cffbce92e091a1094578f09fc", "distribution_id": "930a20e9-3eef-4891-80e1-685cf4b68d6d", "repository_ids": [ "b642ab3e-4559-4671-acb4-7d74dd794203", "a0f212b9-c973-45a2-b406-92951b7da66a" ] } ], "uCw7c1p0VzVV36rFL2/j4Q==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "930a20e9-3eef-4891-80e1-685cf4b68d6d", "repository_ids": [ "5c6e0c21-59c5-4ec0-be52-72f9a6a07b2e", "ed06f153-7455-428f-909b-119184b5cb5f" ] } ], "v/KoDsdxOHqLHd7du8yyWQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "930a20e9-3eef-4891-80e1-685cf4b68d6d", "repository_ids": [ "5c6e0c21-59c5-4ec0-be52-72f9a6a07b2e", "ed06f153-7455-428f-909b-119184b5cb5f" ] } ], "wQNSAAyfpn1pixah4j5PmA==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:8dbc54dd3ba8deb60962e0faf1bcd1d23c09867cffbce92e091a1094578f09fc", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:8dbc54dd3ba8deb60962e0faf1bcd1d23c09867cffbce92e091a1094578f09fc", "distribution_id": "930a20e9-3eef-4891-80e1-685cf4b68d6d", "repository_ids": [ "b642ab3e-4559-4671-acb4-7d74dd794203", "a0f212b9-c973-45a2-b406-92951b7da66a" ] } ], "wQToP4WURQ4/A8LQU1k5kA==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "930a20e9-3eef-4891-80e1-685cf4b68d6d", "repository_ids": [ "5c6e0c21-59c5-4ec0-be52-72f9a6a07b2e", "ed06f153-7455-428f-909b-119184b5cb5f" ] } ], "wiX2z3C4urSDsP+bIajgNg==": [ { "package_db": "maven:deployments/hacbs-test.jar", "introduced_in": "sha256:2dde81f33a0abad2b73da4fcfdb2d7db4ac15dce7c4d627c6ebf138b31b81770", "distribution_id": "", "repository_ids": [ "e0137a61-5d9e-4462-80ce-a423c175a219" ] } ], "wpJmhjYJz5TYuh0mbRPs4Q==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "930a20e9-3eef-4891-80e1-685cf4b68d6d", "repository_ids": [ "5c6e0c21-59c5-4ec0-be52-72f9a6a07b2e", "ed06f153-7455-428f-909b-119184b5cb5f" ] } ], "xDLbw0lNdZ2pSj9R8k9t6A==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:8dbc54dd3ba8deb60962e0faf1bcd1d23c09867cffbce92e091a1094578f09fc", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:8dbc54dd3ba8deb60962e0faf1bcd1d23c09867cffbce92e091a1094578f09fc", "distribution_id": "930a20e9-3eef-4891-80e1-685cf4b68d6d", "repository_ids": [ "b642ab3e-4559-4671-acb4-7d74dd794203", "a0f212b9-c973-45a2-b406-92951b7da66a" ] } ], "xTF9l16G3x26txeCsO9Bug==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "930a20e9-3eef-4891-80e1-685cf4b68d6d", "repository_ids": [ "5c6e0c21-59c5-4ec0-be52-72f9a6a07b2e", "ed06f153-7455-428f-909b-119184b5cb5f" ] } ], "xY/gcEds28iVWCynxOCw9g==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "930a20e9-3eef-4891-80e1-685cf4b68d6d", "repository_ids": [ "5c6e0c21-59c5-4ec0-be52-72f9a6a07b2e", "ed06f153-7455-428f-909b-119184b5cb5f" ] } ], "xvIYCTeML23osZxD1kFItQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:8dbc54dd3ba8deb60962e0faf1bcd1d23c09867cffbce92e091a1094578f09fc", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:8dbc54dd3ba8deb60962e0faf1bcd1d23c09867cffbce92e091a1094578f09fc", "distribution_id": "930a20e9-3eef-4891-80e1-685cf4b68d6d", "repository_ids": [ "b642ab3e-4559-4671-acb4-7d74dd794203", "a0f212b9-c973-45a2-b406-92951b7da66a" ] } ], "zAReYdYoHUkp8wr8i3SW2g==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "930a20e9-3eef-4891-80e1-685cf4b68d6d", "repository_ids": [ "5c6e0c21-59c5-4ec0-be52-72f9a6a07b2e", "ed06f153-7455-428f-909b-119184b5cb5f" ] } ], "zdqdBY2jg/Zs374g8Ylc6g==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:8dbc54dd3ba8deb60962e0faf1bcd1d23c09867cffbce92e091a1094578f09fc", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:8dbc54dd3ba8deb60962e0faf1bcd1d23c09867cffbce92e091a1094578f09fc", "distribution_id": "930a20e9-3eef-4891-80e1-685cf4b68d6d", "repository_ids": [ "b642ab3e-4559-4671-acb4-7d74dd794203", "a0f212b9-c973-45a2-b406-92951b7da66a" ] } ] }, "vulnerabilities": { "+nHq7dak7Hkjcru/xpwzhQ==": { "id": "+nHq7dak7Hkjcru/xpwzhQ==", "updater": "rhel-vex", "name": "CVE-2020-12413", "description": "A flaw was found in Mozilla nss. A raccoon attack exploits a flaw in the TLS specification which can lead to an attacker being able to compute the pre-master secret in connections which have used a Diffie-Hellman(DH) based ciphersuite. In such a case this would result in the attacker being able to eavesdrop on all encrypted communications sent over that TLS connection. The highest threat from this vulnerability is to data confidentiality.", "issued": "2020-09-09T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2020-12413 https://bugzilla.redhat.com/show_bug.cgi?id=1877557 https://www.cve.org/CVERecord?id=CVE-2020-12413 https://nvd.nist.gov/vuln/detail/CVE-2020-12413 https://raccoon-attack.com/RacoonAttack.pdf https://security.access.redhat.com/data/csaf/v2/vex/2020/cve-2020-12413.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "nss", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "/1CYFiexnJcM7p4YrI/FVg==": { "id": "/1CYFiexnJcM7p4YrI/FVg==", "updater": "rhel-vex", "name": "CVE-2023-4504", "description": "A vulnerability was found in CUPS and libppd, where a failure to validate the length provided in an attacker-crafted PPD PostScript document can lead to a heap-based buffer overflow, causing a denial of service or, in some cases, execute arbitrary code, depending on how the application processes untrusted PPD files.", "issued": "2023-09-20T12:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4504 https://bugzilla.redhat.com/show_bug.cgi?id=2238509 https://www.cve.org/CVERecord?id=CVE-2023-4504 https://nvd.nist.gov/vuln/detail/CVE-2023-4504 https://takeonme.org/cves/CVE-2023-4504.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4504.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "cups", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "0QzoXQSqkKieJ7Oc+px0JA==": { "id": "0QzoXQSqkKieJ7Oc+px0JA==", "updater": "rhel-vex", "name": "CVE-2025-13837", "description": "A flaw was found in the plistlib module in the Python standard library. The amount of data to read from a Plist file is specified in the file itself. This issue allows a specially crafted Plist file to cause an application to allocate a large amount of memory, potentially resulting in allocations errors, swapping, out-of-memory conditions or even system freezes.", "issued": "2025-12-01T18:13:32Z", "links": "https://access.redhat.com/security/cve/CVE-2025-13837 https://bugzilla.redhat.com/show_bug.cgi?id=2418084 https://www.cve.org/CVERecord?id=CVE-2025-13837 https://nvd.nist.gov/vuln/detail/CVE-2025-13837 https://github.com/python/cpython/issues/119342 https://github.com/python/cpython/pull/119343 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-13837.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "python3", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "0WTD6ZUY2Zj2w0R3oyPWRw==": { "id": "0WTD6ZUY2Zj2w0R3oyPWRw==", "updater": "rhel-vex", "name": "CVE-2026-34980", "description": "A flaw was found in OpenPrinting CUPS. An unauthorized client can exploit this vulnerability by sending a specially crafted print job to a shared PostScript queue without authentication. The server improperly handles the `page-border` value, allowing an attacker to embed and reparse malicious text as a trusted scheduler control record. This can lead to arbitrary code execution with the privileges of the 'lp' user, potentially compromising the affected system.", "issued": "2026-04-03T21:18:09Z", "links": "https://access.redhat.com/security/cve/CVE-2026-34980 https://bugzilla.redhat.com/show_bug.cgi?id=2454954 https://www.cve.org/CVERecord?id=CVE-2026-34980 https://nvd.nist.gov/vuln/detail/CVE-2026-34980 https://github.com/OpenPrinting/cups/security/advisories/GHSA-4852-v58g-6cwf https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-34980.json", "severity": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "cups", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "0fCtWwB6iclgRvIA+IqiJQ==": { "id": "0fCtWwB6iclgRvIA+IqiJQ==", "updater": "rhel-vex", "name": "CVE-2026-1484", "description": "A flaw was found in the GLib Base64 encoding routine when processing very large input data. Due to incorrect use of integer types during length calculation, the library may miscalculate buffer boundaries. This can cause memory writes outside the allocated buffer. Applications that process untrusted or extremely large Base64 input using GLib may crash or behave unpredictably.", "issued": "2026-01-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-1484 https://bugzilla.redhat.com/show_bug.cgi?id=2433259 https://www.cve.org/CVERecord?id=CVE-2026-1484 https://nvd.nist.gov/vuln/detail/CVE-2026-1484 https://gitlab.gnome.org/GNOME/glib/-/issues/3870 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-1484.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "glib2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "0nQ3GJDLY22M176Z5ESg6A==": { "id": "0nQ3GJDLY22M176Z5ESg6A==", "updater": "rhel-vex", "name": "CVE-2025-68972", "description": "A flaw was found in GnuPG. An adversary can exploit this vulnerability by crafting a signed message that includes a form feed character (\\f) at the end of a plaintext line. This allows the adversary to append additional, unsigned text to the message while the signature verification still reports success. This issue leads to an integrity bypass, potentially enabling the spoofing of signed communications.", "issued": "2025-12-27T22:52:30Z", "links": "https://access.redhat.com/security/cve/CVE-2025-68972 https://bugzilla.redhat.com/show_bug.cgi?id=2425646 https://www.cve.org/CVERecord?id=CVE-2025-68972 https://nvd.nist.gov/vuln/detail/CVE-2025-68972 https://gpg.fail/formfeed https://news.ycombinator.com/item?id=46404339 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-68972.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "gnupg2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "0v/g0Z/XEXV13r48i52JgA==": { "id": "0v/g0Z/XEXV13r48i52JgA==", "updater": "rhel-vex", "name": "CVE-2026-6276", "description": "A flaw was found in libcurl. This vulnerability allows for information disclosure when a custom `Host:` header is used in an initial HTTP request, and a subsequent request reuses the same connection without specifying a new `Host:` header. This can lead to libcurl incorrectly sending cookies intended for the first host to the second host, resulting in a cookie leak. This issue is categorized as an Origin Validation Error (CWE-346). Exploitation typically requires specific debugging configurations.", "issued": "2026-04-29T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-6276 https://bugzilla.redhat.com/show_bug.cgi?id=2461203 https://www.cve.org/CVERecord?id=CVE-2026-6276 https://nvd.nist.gov/vuln/detail/CVE-2026-6276 https://curl.se/docs/CVE-2026-6276.html https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-6276.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "curl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "1lUHOMB3ANHGWpqCBv9Ynw==": { "id": "1lUHOMB3ANHGWpqCBv9Ynw==", "updater": "rhel-vex", "name": "CVE-2026-4105", "description": "A flaw was found in systemd. The systemd-machined service contains an Improper Access Control vulnerability due to insufficient validation of the class parameter in the RegisterMachine D-Bus (Desktop Bus) method. A local unprivileged user can exploit this by attempting to register a machine with a specific class value, which may leave behind a usable, attacker-controlled machine object. This allows the attacker to invoke methods on the privileged object, leading to the execution of arbitrary commands with root privileges on the host system.", "issued": "2026-03-13T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-4105 https://bugzilla.redhat.com/show_bug.cgi?id=2447262 https://www.cve.org/CVERecord?id=CVE-2026-4105 https://nvd.nist.gov/vuln/detail/CVE-2026-4105 https://github.com/systemd/systemd/security/advisories/GHSA-4h6x-r8vx-3862 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-4105.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "systemd", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "1vG4ZYIu07BTj9XJ+a+P9Q==": { "id": "1vG4ZYIu07BTj9XJ+a+P9Q==", "updater": "rhel-vex", "name": "CVE-2026-27171", "description": "A flaw was found in zlib. An attacker providing specially crafted input to the `crc32_combine64` or `crc32_combine_gen64` functions could trigger an infinite loop within the `x2nmodp` function. This leads to excessive CPU consumption, which can result in a Denial of Service (DoS) for the affected system.", "issued": "2026-02-18T02:36:19Z", "links": "https://access.redhat.com/security/cve/CVE-2026-27171 https://bugzilla.redhat.com/show_bug.cgi?id=2440530 https://www.cve.org/CVERecord?id=CVE-2026-27171 https://nvd.nist.gov/vuln/detail/CVE-2026-27171 https://7asecurity.com/blog/2026/02/zlib-7asecurity-audit/ https://7asecurity.com/reports/pentest-report-zlib-RC1.1.pdf https://github.com/madler/zlib/issues/904 https://github.com/madler/zlib/releases/tag/v1.3.2 https://ostif.org/zlib-audit-complete/ https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-27171.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "java-17-openjdk", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "29qrZyz+fmdn9Nzjpl2/Pg==": { "id": "29qrZyz+fmdn9Nzjpl2/Pg==", "updater": "rhel-vex", "name": "CVE-2026-22693", "description": "A null pointer dereference vector has been discovered in the harfbuzz package. A null pointer dereference vulnerability exists in the SubtableUnicodesCache::create function located in src/hb-ot-cmap-table.hh:1672-1673. The function fails to check if hb_malloc returns NULL before using placement new to construct an object at the returned pointer address. When hb_malloc fails to allocate memory (which can occur in low-memory conditions or when using custom allocators that simulate allocation failures), it returns NULL. The code then attempts to call the constructor on this null pointer using placement new syntax, resulting in undefined behavior and a Segmentation Fault.", "issued": "2026-01-10T05:53:21Z", "links": "https://access.redhat.com/security/cve/CVE-2026-22693 https://bugzilla.redhat.com/show_bug.cgi?id=2428439 https://www.cve.org/CVERecord?id=CVE-2026-22693 https://nvd.nist.gov/vuln/detail/CVE-2026-22693 https://github.com/harfbuzz/harfbuzz/commit/1265ff8d990284f04d8768f35b0e20ae5f60daae https://github.com/harfbuzz/harfbuzz/security/advisories/GHSA-xvjr-f2r9-c7ww https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-22693.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "java-17-openjdk", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "2U6d1qsPVwS8vUnflv9AcQ==": { "id": "2U6d1qsPVwS8vUnflv9AcQ==", "updater": "rhel-vex", "name": "CVE-2026-4873", "description": "A flaw was found in curl. A remote attacker could exploit this by initiating an unencrypted connection (via IMAP, SMTP, or POP3) and then making a subsequent request to the same host that requires Transport Layer Security (TLS). Due to incorrect connection reuse, the subsequent request would bypass the TLS requirement, leading to the transmission of sensitive information in cleartext. This vulnerability, categorized as Cleartext Transmission of Sensitive Information (CWE-319), results in information disclosure.", "issued": "2026-04-29T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-4873 https://bugzilla.redhat.com/show_bug.cgi?id=2461200 https://www.cve.org/CVERecord?id=CVE-2026-4873 https://nvd.nist.gov/vuln/detail/CVE-2026-4873 https://curl.se/docs/CVE-2026-4873.html https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-4873.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "curl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "2U8ppg+02PjFDuM5YqFstQ==": { "id": "2U8ppg+02PjFDuM5YqFstQ==", "updater": "rhel-vex", "name": "CVE-2025-15282", "description": "Missing newline filtering has been discovered in Python. User-controlled data URLs parsed by urllib.request.DataHandler allow injecting headers through newlines in the data URL mediatype.", "issued": "2026-01-20T21:35:13Z", "links": "https://access.redhat.com/security/cve/CVE-2025-15282 https://bugzilla.redhat.com/show_bug.cgi?id=2431366 https://www.cve.org/CVERecord?id=CVE-2025-15282 https://nvd.nist.gov/vuln/detail/CVE-2025-15282 https://github.com/python/cpython/issues/143925 https://github.com/python/cpython/pull/143926 https://mail.python.org/archives/list/security-announce@python.org/thread/X66HL7SISGJT33J53OHXMZT4DFLMHVKF/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-15282.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python3", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "3IgZDz5UYkhu/U1/4kSWKg==": { "id": "3IgZDz5UYkhu/U1/4kSWKg==", "updater": "rhel-vex", "name": "CVE-2021-25317", "description": "It was found that some Linux vendors may assign the ownership of the /var/log/cups directory to the `lp` user. This could allow an attacker with such privileges to create empty files in arbitrary locations, or to force arbitrary files to be opened and closed, using a symlink attack. This has a low impact on the integrity of the system.", "issued": "2021-04-29T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-25317 https://bugzilla.redhat.com/show_bug.cgi?id=1949119 https://www.cve.org/CVERecord?id=CVE-2021-25317 https://nvd.nist.gov/vuln/detail/CVE-2021-25317 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-25317.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "cups", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "3O4IzHXnRQMZXCe1gYATvw==": { "id": "3O4IzHXnRQMZXCe1gYATvw==", "updater": "rhel-vex", "name": "CVE-2026-22185", "description": "A flaw was found in OpenLDAP Lightning Memory-Mapped Database (LMDB) mdb_load. When processing malformed input, a local attacker can exploit a heap buffer underflow vulnerability in the readline() function. This can lead to an out-of-bounds read, potentially causing a denial of service (DoS) and limited disclosure of heap memory contents.", "issued": "2026-01-07T20:26:30Z", "links": "https://access.redhat.com/security/cve/CVE-2026-22185 https://bugzilla.redhat.com/show_bug.cgi?id=2427679 https://www.cve.org/CVERecord?id=CVE-2026-22185 https://nvd.nist.gov/vuln/detail/CVE-2026-22185 https://seclists.org/fulldisclosure/2026/Jan/5 https://seclists.org/fulldisclosure/2026/Jan/8 https://www.openldap.org/ https://www.vulncheck.com/advisories/openldap-lmdb-mdb-load-heap-buffer-underflow-in-readline https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-22185.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "openldap", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "4/mftydHpy90Umw3G0mTuQ==": { "id": "4/mftydHpy90Umw3G0mTuQ==", "updater": "rhel-vex", "name": "CVE-2018-1000879", "description": "libarchive version commit 379867ecb330b3a952fb7bfa7bffb7bbd5547205 onwards (release v3.3.0 onwards) contains a CWE-476: NULL Pointer Dereference vulnerability in ACL parser - libarchive/archive_acl.c, archive_acl_from_text_l() that can result in Crash/DoS. This attack appear to be exploitable via the victim must open a specially crafted archive file.", "issued": "2018-11-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2018-1000879 https://bugzilla.redhat.com/show_bug.cgi?id=1663890 https://www.cve.org/CVERecord?id=CVE-2018-1000879 https://nvd.nist.gov/vuln/detail/CVE-2018-1000879 https://security.access.redhat.com/data/csaf/v2/vex/2018/cve-2018-1000879.json", "severity": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libarchive", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "4JszZEguo/SAFbgp6PdKMQ==": { "id": "4JszZEguo/SAFbgp6PdKMQ==", "updater": "rhel-vex", "name": "CVE-2026-5773", "description": "A flaw was found in libcurl. Due to a logical error in the connection reuse mechanism for SMB (Server Message Block) transfers, libcurl might reuse an existing SMB connection with a different share than intended. This vulnerability, categorized as CWE-488 (Exposure of Data Element to Wrong Session), could lead to the download of an incorrect file or the upload of a file to an unintended location when an application uses libcurl for SMB transfers.", "issued": "2026-04-29T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-5773 https://bugzilla.redhat.com/show_bug.cgi?id=2461201 https://www.cve.org/CVERecord?id=CVE-2026-5773 https://nvd.nist.gov/vuln/detail/CVE-2026-5773 https://curl.se/docs/CVE-2026-5773.html https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-5773.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "curl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "5B1tQ2BK8z/YjRkYcvwqag==": { "id": "5B1tQ2BK8z/YjRkYcvwqag==", "updater": "rhel-vex", "name": "CVE-2019-19244", "description": "A flaw was found in the way SQLite handled certain types of SQL queries using DISTINCT, OVER and ORDER BY clauses. A remote attacker could exploit this flaw by providing a malicious SQL query that, when processed by an application linked to SQLite, would crash the application causing a denial of service.", "issued": "2019-11-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2019-19244 https://bugzilla.redhat.com/show_bug.cgi?id=1777945 https://www.cve.org/CVERecord?id=CVE-2019-19244 https://nvd.nist.gov/vuln/detail/CVE-2019-19244 https://security.access.redhat.com/data/csaf/v2/vex/2019/cve-2019-19244.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "sqlite", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "5ZHvcDYhgzWjwNpRgF2u1w==": { "id": "5ZHvcDYhgzWjwNpRgF2u1w==", "updater": "rhel-vex", "name": "CVE-2025-1795", "description": "A flaw was found in Python. When a separating comma ends up on a folded line during an address list folding of email headers, the comma is unintentionally unicode encoded. The expected behavior is that the separating comma remains unencoded. This can result in the address header being misinterpreted by some mail servers.", "issued": "2025-02-28T18:59:31Z", "links": "https://access.redhat.com/security/cve/CVE-2025-1795 https://bugzilla.redhat.com/show_bug.cgi?id=2349061 https://www.cve.org/CVERecord?id=CVE-2025-1795 https://nvd.nist.gov/vuln/detail/CVE-2025-1795 https://github.com/python/cpython/commit/09fab93c3d857496c0bd162797fab816c311ee48 https://github.com/python/cpython/commit/70754d21c288535e86070ca7a6e90dcb670b8593 https://github.com/python/cpython/commit/9148b77e0af91cdacaa7fe3dfac09635c3fe9a74 https://github.com/python/cpython/issues/100884 https://github.com/python/cpython/pull/100885 https://github.com/python/cpython/pull/119099 https://mail.python.org/archives/list/security-announce@python.org/thread/MB62IZMEC3UM6SGHP5LET5JX2Y7H4ZUR/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-1795.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "python3", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "5e3gC+KDeb36jTLxBYtijg==": { "id": "5e3gC+KDeb36jTLxBYtijg==", "updater": "rhel-vex", "name": "CVE-2026-41990", "description": "A flaw was found in Libgcrypt. During Dilithium signing operations, the library fails to perform a bounds check when writing to a static array. While the data involved is not directly controlled by an attacker, this vulnerability could lead to memory corruption, potentially resulting in a denial of service (DoS) or affecting data integrity.", "issued": "2026-04-23T04:39:04Z", "links": "https://access.redhat.com/security/cve/CVE-2026-41990 https://bugzilla.redhat.com/show_bug.cgi?id=2461068 https://www.cve.org/CVERecord?id=CVE-2026-41990 https://nvd.nist.gov/vuln/detail/CVE-2026-41990 https://dev.gnupg.org/T8208 https://lists.gnupg.org/pipermail/gnupg-announce/2026q2/000503.html https://www.openwall.com/lists/oss-security/2026/04/21/1 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-41990.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libgcrypt", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "619DQiII/+IW12e6tmtrxw==": { "id": "619DQiII/+IW12e6tmtrxw==", "updater": "rhel-vex", "name": "CVE-2026-6732", "description": "A flaw was found in libxml2. This vulnerability occurs when the library processes a specially crafted XML Schema Definition (XSD) validated document that includes an internal entity reference. An attacker could exploit this by providing a malicious document, leading to a type confusion error that causes the application to crash. This results in a denial of service (DoS), making the affected system or application unavailable.", "issued": "2026-04-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-6732 https://bugzilla.redhat.com/show_bug.cgi?id=2461300 https://www.cve.org/CVERecord?id=CVE-2026-6732 https://nvd.nist.gov/vuln/detail/CVE-2026-6732 https://gitlab.gnome.org/GNOME/libxml2/-/issues/1097 https://gitlab.gnome.org/GNOME/libxml2/-/merge_requests/411 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-6732.json", "severity": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libxml2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "673FKazcUiydbfN5c6amaw==": { "id": "673FKazcUiydbfN5c6amaw==", "updater": "rhel-vex", "name": "CVE-2020-19190", "description": "A flaw has been identified in the ncurses library. This issue occurs when processing a crafted terminfo database, causing a heap-based buffer overflow, resulting in an application crash.", "issued": "2019-05-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2020-19190 https://bugzilla.redhat.com/show_bug.cgi?id=2234923 https://www.cve.org/CVERecord?id=CVE-2020-19190 https://nvd.nist.gov/vuln/detail/CVE-2020-19190 https://security.access.redhat.com/data/csaf/v2/vex/2020/cve-2020-19190.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "ncurses", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "6Cqvzp5JbuVfHsuYnIJNFw==": { "id": "6Cqvzp5JbuVfHsuYnIJNFw==", "updater": "rhel-vex", "name": "CVE-2026-4438", "description": "A flaw was found in the GNU C library (glibc). When applications use the `gethostbyaddr` or `gethostbyaddr_r` functions with a `nsswitch.conf` configuration that specifies glibc's DNS backend, the library may return an invalid DNS hostname. This violates the DNS specification and could lead to applications receiving incorrect hostname information, potentially impacting network operations or security decisions.", "issued": "2026-03-20T19:59:06Z", "links": "https://access.redhat.com/security/cve/CVE-2026-4438 https://bugzilla.redhat.com/show_bug.cgi?id=2449783 https://www.cve.org/CVERecord?id=CVE-2026-4438 https://nvd.nist.gov/vuln/detail/CVE-2026-4438 https://sourceware.org/bugzilla/show_bug.cgi?id=34015 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-4438.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "glibc", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "6FQUI3OxX4C5skWXKgq80Q==": { "id": "6FQUI3OxX4C5skWXKgq80Q==", "updater": "rhel-vex", "name": "CVE-2023-0464", "description": "A security vulnerability has been identified in all supported OpenSSL versions related to verifying X.509 certificate chains that include policy constraints. This flaw allows attackers to exploit this vulnerability by creating a malicious certificate chain that triggers exponential use of computational resources, leading to a denial of service (DoS) attack on affected systems. Policy processing is disabled by default but can be enabled by passing the -policy' argument to the command line utilities or calling the X509_VERIFY_PARAM_set1_policies()' function.", "issued": "2023-03-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-0464 https://bugzilla.redhat.com/show_bug.cgi?id=2181082 https://www.cve.org/CVERecord?id=CVE-2023-0464 https://nvd.nist.gov/vuln/detail/CVE-2023-0464 https://www.openssl.org/news/secadv/20230322.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0464.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "6Xr5PbPGSy+aHLDQ9q4L9w==": { "id": "6Xr5PbPGSy+aHLDQ9q4L9w==", "updater": "rhel-vex", "name": "CVE-2026-1502", "description": "A flaw was found in Python. This vulnerability allows for the injection of extra information into HTTP communication. Specifically, the system does not properly prevent special characters (carriage return and line feed) from being included in HTTP client proxy tunnel headers or host fields.", "issued": "2026-04-10T17:54:44Z", "links": "https://access.redhat.com/security/cve/CVE-2026-1502 https://bugzilla.redhat.com/show_bug.cgi?id=2457409 https://www.cve.org/CVERecord?id=CVE-2026-1502 https://nvd.nist.gov/vuln/detail/CVE-2026-1502 https://github.com/python/cpython/commit/05ed7ce7ae9e17c23a04085b2539fe6d6d3cef69 https://github.com/python/cpython/issues/146211 https://github.com/python/cpython/pull/146212 https://mail.python.org/archives/list/security-announce@python.org/thread/2IVPAEQWUJBCTQZEJEVTYCIKSMQPGRZ3/ https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-1502.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python3", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "6p6EeZQEuYkK2CtO4ey3Ag==": { "id": "6p6EeZQEuYkK2CtO4ey3Ag==", "updater": "rhel-vex", "name": "CVE-2025-66293", "description": "An out of bounds read vulnerability has been discovered in libpng. This vulnerability is in libpng's simplified API allows reading up to 1012 bytes beyond the png_sRGB_base[512] array when processing valid palette PNG images with partial transparency and gamma correction. The PNG files that trigger this vulnerability are valid per the PNG specification; the bug is in libpng's internal state management.", "issued": "2025-12-03T20:33:57Z", "links": "https://access.redhat.com/security/cve/CVE-2025-66293 https://bugzilla.redhat.com/show_bug.cgi?id=2418711 https://www.cve.org/CVERecord?id=CVE-2025-66293 https://nvd.nist.gov/vuln/detail/CVE-2025-66293 https://github.com/pnggroup/libpng/commit/788a624d7387a758ffd5c7ab010f1870dea753a1 https://github.com/pnggroup/libpng/commit/a05a48b756de63e3234ea6b3b938b8f5f862484a https://github.com/pnggroup/libpng/issues/764 https://github.com/pnggroup/libpng/security/advisories/GHSA-9mpm-9pxh-mg4f https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-66293.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "java-17-openjdk", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "7Puka2o1jq4jSr2Hekrfhg==": { "id": "7Puka2o1jq4jSr2Hekrfhg==", "updater": "rhel-vex", "name": "CVE-2026-1757", "description": "A flaw was identified in the interactive shell of the xmllint utility, part of the libxml2 project, where memory allocated for user input is not properly released under certain conditions. When a user submits input consisting only of whitespace, the program skips command execution but fails to free the allocated buffer. Repeating this action causes memory to continuously accumulate. Over time, this can exhaust system memory and terminate the xmllint process, creating a denial-of-service condition on the local system.", "issued": "2026-02-02T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-1757 https://bugzilla.redhat.com/show_bug.cgi?id=2435940 https://www.cve.org/CVERecord?id=CVE-2026-1757 https://nvd.nist.gov/vuln/detail/CVE-2026-1757 https://gitlab.gnome.org/GNOME/libxml2/-/issues/1009 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-1757.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libxml2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "7lnphmrb/VojuhlikpNO5w==": { "id": "7lnphmrb/VojuhlikpNO5w==", "updater": "rhel-vex", "name": "CVE-2026-24401", "description": "A flaw was found in Avahi, a system that enables devices to discover services on a local network. A remote attacker can exploit this vulnerability by sending a specially crafted mDNS (multicast Domain Name System) response containing a recursive CNAME (Canonical Name) record. This triggers an uncontrolled recursion within the avahi-daemon process, leading to stack exhaustion and causing the service to crash. This results in a denial of service (DoS) for affected systems.", "issued": "2026-01-24T01:25:02Z", "links": "https://access.redhat.com/security/cve/CVE-2026-24401 https://bugzilla.redhat.com/show_bug.cgi?id=2432534 https://www.cve.org/CVERecord?id=CVE-2026-24401 https://nvd.nist.gov/vuln/detail/CVE-2026-24401 https://github.com/avahi/avahi/commit/78eab31128479f06e30beb8c1cbf99dd921e2524 https://github.com/avahi/avahi/issues/501 https://github.com/avahi/avahi/security/advisories/GHSA-h4vp-5m8j-f6w3 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-24401.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "avahi", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "86unVXyTxdffdcXWZTYw5g==": { "id": "86unVXyTxdffdcXWZTYw5g==", "updater": "rhel-vex", "name": "CVE-2023-0465", "description": "A flaw was found in OpenSSL. Applications that use a non-default option when verifying certificates may be vulnerable to an attack from a malicious CA to circumvent certain checks. OpenSSL and other certificate policy checks silently ignore invalid certificate policies in leaf certificates that are skipped for that certificate. A malicious CA could use this to deliberately assert invalid certificate policies to circumvent policy checking on the certificate altogether. Policy processing is disabled by default but can be enabled by passing the `-policy' argument to the command line utilities or by calling the `X509_VERIFY_PARAM_set1_policies()' function.", "issued": "2023-03-28T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-0465 https://bugzilla.redhat.com/show_bug.cgi?id=2182561 https://www.cve.org/CVERecord?id=CVE-2023-0465 https://nvd.nist.gov/vuln/detail/CVE-2023-0465 https://www.openssl.org/news/secadv/20230328.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0465.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "8D3i4K1ylUr5dGk9imV9zA==": { "id": "8D3i4K1ylUr5dGk9imV9zA==", "updater": "rhel-vex", "name": "CVE-2025-69420", "description": "A flaw was found in OpenSSL. A type confusion vulnerability exists in the TimeStamp Response verification code, where an ASN1_TYPE union member is accessed without proper type validation. A remote attacker can exploit this by providing a malformed TimeStamp Response to an application that verifies timestamp responses. This can lead to an invalid or NULL pointer dereference, resulting in a Denial of Service (DoS) due to an application crash.", "issued": "2026-01-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-69420 https://bugzilla.redhat.com/show_bug.cgi?id=2430388 https://www.cve.org/CVERecord?id=CVE-2025-69420 https://nvd.nist.gov/vuln/detail/CVE-2025-69420 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-69420.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "8I2jFG8JRR+6+eqqYlXhAg==": { "id": "8I2jFG8JRR+6+eqqYlXhAg==", "updater": "rhel-vex", "name": "CVE-2018-20225", "description": "A vulnerability was found in python-pip due to a flaw in the --extra-index-url option, where it installs the version with the highest version number, even if the user intended to obtain a private package from a private index. Exploitation requires that the package does not already exist in the public index, allowing an attacker to place the package there with an arbitrary version number.", "issued": "2020-04-28T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2018-20225 https://bugzilla.redhat.com/show_bug.cgi?id=1835736 https://www.cve.org/CVERecord?id=CVE-2018-20225 https://nvd.nist.gov/vuln/detail/CVE-2018-20225 https://cowlicks.website/posts/arbitrary-code-execution-from-pips-extra-index-url.html https://security.access.redhat.com/data/csaf/v2/vex/2018/cve-2018-20225.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "python-pip", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "8KJb4x3mXgChaQULEsid2A==": { "id": "8KJb4x3mXgChaQULEsid2A==", "updater": "rhel-vex", "name": "CVE-2025-15224", "description": "A flaw was found in libcurl. When doing SSH-based transfers using either SCP or SFTP, and asked to do\npublic key authentication, curl would wrongly still ask and authenticate using\na locally running SSH agent.", "issued": "2026-01-07T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-15224 https://bugzilla.redhat.com/show_bug.cgi?id=2426410 https://www.cve.org/CVERecord?id=CVE-2025-15224 https://nvd.nist.gov/vuln/detail/CVE-2025-15224 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-15224.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "curl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "8Sec+JvKiQWGqYCOBdZhjg==": { "id": "8Sec+JvKiQWGqYCOBdZhjg==", "updater": "rhel-vex", "name": "CVE-2025-5918", "description": "A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.", "issued": "2025-05-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-5918 https://bugzilla.redhat.com/show_bug.cgi?id=2370877 https://www.cve.org/CVERecord?id=CVE-2025-5918 https://nvd.nist.gov/vuln/detail/CVE-2025-5918 https://github.com/libarchive/libarchive/pull/2584 https://github.com/libarchive/libarchive/releases/tag/v3.8.0 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-5918.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libarchive", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "8TgjbHNGzIFm7/fF9DBU7Q==": { "id": "8TgjbHNGzIFm7/fF9DBU7Q==", "updater": "rhel-vex", "name": "CVE-2026-34757", "description": "A flaw was found in libpng, a library used for handling PNG (Portable Network Graphics) image files. This vulnerability arises when an application reuses a pointer, previously obtained from functions like png_get_PLTE, by passing it back to a corresponding setter function within the same image structure. This action causes the setter to access memory that has already been deallocated, leading to a use-after-free condition. A local attacker could potentially exploit this flaw to corrupt image metadata or disclose sensitive information from the application's memory.", "issued": "2026-04-09T14:41:18Z", "links": "https://access.redhat.com/security/cve/CVE-2026-34757 https://bugzilla.redhat.com/show_bug.cgi?id=2456918 https://www.cve.org/CVERecord?id=CVE-2026-34757 https://nvd.nist.gov/vuln/detail/CVE-2026-34757 https://github.com/pnggroup/libpng/commit/398cbe3df03f4e11bb031e07f416dfdde3684e8a https://github.com/pnggroup/libpng/commit/55d20aaa322c9274491cda82c5cd4f99b48c6bcc https://github.com/pnggroup/libpng/issues/836 https://github.com/pnggroup/libpng/issues/837 https://github.com/pnggroup/libpng/security/advisories/GHSA-6fr7-g8h7-v645 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-34757.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "java-17-openjdk", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "8ZxbhBIT+9Mj99/XbMpLSQ==": { "id": "8ZxbhBIT+9Mj99/XbMpLSQ==", "updater": "rhel-vex", "name": "CVE-2024-0232", "description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", "issued": "2023-10-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-0232 https://bugzilla.redhat.com/show_bug.cgi?id=2243754 https://www.cve.org/CVERecord?id=CVE-2024-0232 https://nvd.nist.gov/vuln/detail/CVE-2024-0232 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-0232.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "sqlite", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "8qOJVWAut1+UqTXPOWH12g==": { "id": "8qOJVWAut1+UqTXPOWH12g==", "updater": "rhel-vex", "name": "CVE-2025-8291", "description": "A zip file handling flaw has been discovered in the python standard library `zipfile` module. The 'zipfile' module would not check the validity of the ZIP64 End of Central Directory (EOCD) Locator record offset value would not be used to locate the ZIP64 EOCD record, instead the ZIP64 EOCD record would be assumed to be the previous record in the ZIP archive. This could be abused to create ZIP archives that are handled differently by the 'zipfile' module compared to other ZIP implementations.", "issued": "2025-10-07T18:10:05Z", "links": "https://access.redhat.com/security/cve/CVE-2025-8291 https://bugzilla.redhat.com/show_bug.cgi?id=2402342 https://www.cve.org/CVERecord?id=CVE-2025-8291 https://nvd.nist.gov/vuln/detail/CVE-2025-8291 https://github.com/python/cpython/commit/162997bb70e067668c039700141770687bc8f267 https://github.com/python/cpython/commit/333d4a6f4967d3ace91492a39ededbcf3faa76a6 https://github.com/python/cpython/issues/139700 https://github.com/python/cpython/pull/139702 https://mail.python.org/archives/list/security-announce@python.org/thread/QECOPWMTH4VPPJAXAH2BGTA4XADOP62G/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-8291.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python3", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "8rvqTFlh9aOz4UvxQN0SBQ==": { "id": "8rvqTFlh9aOz4UvxQN0SBQ==", "updater": "rhel-vex", "name": "CVE-2026-3479", "description": "A flaw was found in Python's `pkgutil.get_data()` function, which is used to retrieve data from packages. This function did not properly validate the `resource` argument, allowing a local attacker to perform path traversal attacks. Path traversal enables an attacker to access files and directories stored outside the intended root directory, potentially leading to information disclosure or unintended file access.", "issued": "2026-03-18T18:13:42Z", "links": "https://access.redhat.com/security/cve/CVE-2026-3479 https://bugzilla.redhat.com/show_bug.cgi?id=2448746 https://www.cve.org/CVERecord?id=CVE-2026-3479 https://nvd.nist.gov/vuln/detail/CVE-2026-3479 https://github.com/python/cpython/issues/146121 https://github.com/python/cpython/pull/146122 https://mail.python.org/archives/list/security-announce@python.org/thread/WYLLVQOOCKGK73JM7Z7ZSNOJC4N7BAWY/ https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-3479.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "python3", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "8rxYDEPu2XxazQ3cBUhX0Q==": { "id": "8rxYDEPu2XxazQ3cBUhX0Q==", "updater": "rhel-vex", "name": "CVE-2019-9923", "description": "pax_decode_header in sparse.c in GNU Tar before 1.32 had a NULL pointer dereference when parsing certain archives that have malformed extended headers.", "issued": "2019-01-02T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2019-9923 https://bugzilla.redhat.com/show_bug.cgi?id=1691764 https://www.cve.org/CVERecord?id=CVE-2019-9923 https://nvd.nist.gov/vuln/detail/CVE-2019-9923 https://security.access.redhat.com/data/csaf/v2/vex/2019/cve-2019-9923.json", "severity": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "tar", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "92KuvWwbPhsQNPu0knrHAQ==": { "id": "92KuvWwbPhsQNPu0knrHAQ==", "updater": "rhel-vex", "name": "CVE-2025-6170", "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", "issued": "2025-06-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-6170 https://bugzilla.redhat.com/show_bug.cgi?id=2372952 https://www.cve.org/CVERecord?id=CVE-2025-6170 https://nvd.nist.gov/vuln/detail/CVE-2025-6170 https://gitlab.gnome.org/GNOME/libxml2/-/issues/941 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-6170.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libxml2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "97PwDrD8knMveLXwKCvQjA==": { "id": "97PwDrD8knMveLXwKCvQjA==", "updater": "rhel-vex", "name": "CVE-2026-22795", "description": "A flaw was found in OpenSSL. This type confusion vulnerability allows a remote attacker to cause a Denial of Service (DoS) by tricking a user or application into processing a maliciously crafted PKCS#12 (Personal Information Exchange Syntax Standard) file. The vulnerability leads to an invalid or NULL pointer dereference, resulting in an application crash.", "issued": "2026-01-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-22795 https://bugzilla.redhat.com/show_bug.cgi?id=2430389 https://www.cve.org/CVERecord?id=CVE-2026-22795 https://nvd.nist.gov/vuln/detail/CVE-2026-22795 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-22795.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "9ZCmRufeuC0TKSSi9pcU6g==": { "id": "9ZCmRufeuC0TKSSi9pcU6g==", "updater": "rhel-vex", "name": "CVE-2026-41079", "description": "A flaw was found in CUPS. A network-adjacent attacker can send a specially crafted Simple Network Management Protocol (SNMP) response to the CUPS SNMP backend, leading to an out-of-bounds read. This vulnerability allows for the disclosure of up to 176 bytes of sensitive memory, which is then converted and stored as printer supply description strings. Authenticated users can subsequently view this leaked information through IPP Get-Printer-Attributes responses and the CUPS web interface.", "issued": "2026-04-24T16:54:38Z", "links": "https://access.redhat.com/security/cve/CVE-2026-41079 https://bugzilla.redhat.com/show_bug.cgi?id=2461611 https://www.cve.org/CVERecord?id=CVE-2026-41079 https://nvd.nist.gov/vuln/detail/CVE-2026-41079 https://github.com/OpenPrinting/cups/commit/b7c2525a885f528d243c3a92197ca99609b3f080 https://github.com/OpenPrinting/cups/commit/d7fe0f521ff3b24676511e747b058362b9a20737 https://github.com/OpenPrinting/cups/security/advisories/GHSA-6wpw-g8g6-wvrv https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-41079.json", "severity": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "cups", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "9jHXNtwzqlOir/Op7pd9+w==": { "id": "9jHXNtwzqlOir/Op7pd9+w==", "updater": "rhel-vex", "name": "CVE-2025-68276", "description": "A flaw was found in Avahi, a system that facilitates service discovery on a local network. An unprivileged local user can exploit this vulnerability by creating record browsers with the AVAHI_LOOKUP_USE_WIDE_AREA flag set via D-Bus. This can lead to a Denial of Service (DoS) by crashing the avahi-daemon, making the service unavailable.", "issued": "2026-01-12T17:31:49Z", "links": "https://access.redhat.com/security/cve/CVE-2025-68276 https://bugzilla.redhat.com/show_bug.cgi?id=2428713 https://www.cve.org/CVERecord?id=CVE-2025-68276 https://nvd.nist.gov/vuln/detail/CVE-2025-68276 https://github.com/avahi/avahi/commit/ede7048475c5d47d53890e3bc1350dda8e0b3688 https://github.com/avahi/avahi/pull/806 https://github.com/avahi/avahi/security/advisories/GHSA-mhf3-865v-g5rc https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-68276.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "avahi", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "9oBjtBiHtz7+Hwc4swPaAw==": { "id": "9oBjtBiHtz7+Hwc4swPaAw==", "updater": "rhel-vex", "name": "CVE-2026-34979", "description": "A flaw was found in OpenPrinting CUPS. A remote attacker could exploit a heap-based buffer overflow by sending specially crafted job attributes when building filter option strings. This could lead to a denial of service, making the printing system unavailable.", "issued": "2026-04-03T21:16:38Z", "links": "https://access.redhat.com/security/cve/CVE-2026-34979 https://bugzilla.redhat.com/show_bug.cgi?id=2454946 https://www.cve.org/CVERecord?id=CVE-2026-34979 https://nvd.nist.gov/vuln/detail/CVE-2026-34979 https://github.com/OpenPrinting/cups/security/advisories/GHSA-6qxf-7jx6-86fh https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-34979.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "cups", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "9uK7ZDYgFtqP786n0QunAg==": { "id": "9uK7ZDYgFtqP786n0QunAg==", "updater": "rhel-vex", "name": "CVE-2023-39804", "description": "A flaw was found in tar. This issue occurs when extended attributes are processed in PAX archives, and could allow an attacker to cause an application crash, resulting in a denial of service.", "issued": "2023-12-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-39804 https://bugzilla.redhat.com/show_bug.cgi?id=2254067 https://www.cve.org/CVERecord?id=CVE-2023-39804 https://nvd.nist.gov/vuln/detail/CVE-2023-39804 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-39804.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "tar", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "9zRC9UwUH2bQs1UcHQ5UTQ==": { "id": "9zRC9UwUH2bQs1UcHQ5UTQ==", "updater": "rhel-vex", "name": "CVE-2019-9937", "description": "In SQLite 3.27.2, interleaving reads and writes in a single transaction with an fts5 virtual table will lead to a NULL Pointer Dereference in fts5ChunkIterate in sqlite3.c. This is related to ext/fts5/fts5_hash.c and ext/fts5/fts5_index.c.", "issued": "2019-03-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2019-9937 https://bugzilla.redhat.com/show_bug.cgi?id=1692357 https://www.cve.org/CVERecord?id=CVE-2019-9937 https://nvd.nist.gov/vuln/detail/CVE-2019-9937 https://security.access.redhat.com/data/csaf/v2/vex/2019/cve-2019-9937.json", "severity": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "sqlite", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "A1UDSDMkPKOSx7ma/geQyg==": { "id": "A1UDSDMkPKOSx7ma/geQyg==", "updater": "rhel-vex", "name": "CVE-2025-68468", "description": "A flaw was found in Avahi. A remote attacker can cause a Denial of Service (DoS) by sending specially crafted unsolicited announcements containing CNAME resource records. These records, when pointing to other resource records with short Time-To-Live (TTL) values, can lead to the `avahi-daemon` crashing once they expire. This vulnerability impacts the availability of services relying on Avahi's service discovery.", "issued": "2026-01-12T17:38:10Z", "links": "https://access.redhat.com/security/cve/CVE-2025-68468 https://bugzilla.redhat.com/show_bug.cgi?id=2428714 https://www.cve.org/CVERecord?id=CVE-2025-68468 https://nvd.nist.gov/vuln/detail/CVE-2025-68468 https://github.com/avahi/avahi/commit/f66be13d7f31a3ef806d226bf8b67240179d309a https://github.com/avahi/avahi/issues/683 https://github.com/avahi/avahi/security/advisories/GHSA-cp79-r4x9-vf52 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-68468.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "avahi", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "AE8Cp1u8I9t52OYW7oGU4w==": { "id": "AE8Cp1u8I9t52OYW7oGU4w==", "updater": "rhel-vex", "name": "CVE-2024-57970", "description": "A flaw was found in the libarchive library. A specially-crafted tar file may trigger a head-based buffer over-read condition due to incorrect handling of truncation in the middle of a long GNU linkname. This issue can cause an application crash leading to a denial of service.", "issued": "2025-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-57970 https://bugzilla.redhat.com/show_bug.cgi?id=2345954 https://www.cve.org/CVERecord?id=CVE-2024-57970 https://nvd.nist.gov/vuln/detail/CVE-2024-57970 https://github.com/libarchive/libarchive/issues/2415 https://github.com/libarchive/libarchive/pull/2422 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-57970.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "libarchive", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "AZQ9MHTiNLYiRU7sYZlVGw==": { "id": "AZQ9MHTiNLYiRU7sYZlVGw==", "updater": "rhel-vex", "name": "CVE-2022-4899", "description": "A vulnerability was found in zstd. This flaw allows an attacker to supply an empty string as an argument to the command line tool to cause a buffer overrun.", "issued": "2022-07-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-4899 https://bugzilla.redhat.com/show_bug.cgi?id=2179864 https://www.cve.org/CVERecord?id=CVE-2022-4899 https://nvd.nist.gov/vuln/detail/CVE-2022-4899 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-4899.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "zstd", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "B5eXEM8SeidgdpzXoFJFGQ==": { "id": "B5eXEM8SeidgdpzXoFJFGQ==", "updater": "rhel-vex", "name": "CVE-2026-33636", "description": "A flaw was found in libpng. A remote attacker could exploit an out-of-bounds read and write vulnerability in the ARM/AArch64 Neon-optimized palette expansion path. This occurs when processing a final partial chunk of 8-bit paletted rows without verifying sufficient input pixels, leading to dereferencing pointers before the start of the row buffer and writing expanded pixel data to underflowed positions. This flaw can result in information disclosure and denial of service.", "issued": "2026-03-26T16:51:58Z", "links": "https://access.redhat.com/security/cve/CVE-2026-33636 https://bugzilla.redhat.com/show_bug.cgi?id=2451819 https://www.cve.org/CVERecord?id=CVE-2026-33636 https://nvd.nist.gov/vuln/detail/CVE-2026-33636 https://github.com/pnggroup/libpng/commit/7734cda20cf1236aef60f3bbd2267c97bbb40869 https://github.com/pnggroup/libpng/commit/aba9f18eba870d14fb52c5ba5d73451349e339c3 https://github.com/pnggroup/libpng/security/advisories/GHSA-wjr5-c57x-95m2 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-33636.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "java-17-openjdk", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "BV++s35Ur4bQRS6HK0QCIA==": { "id": "BV++s35Ur4bQRS6HK0QCIA==", "updater": "rhel-vex", "name": "CVE-2026-31789", "description": "A flaw was found in OpenSSL. This vulnerability, a heap buffer overflow, affects 32-bit systems when processing an unusually large X.509 certificate. If an application or service attempts to print or log such a specially crafted certificate, it could lead to a system crash or potentially allow an attacker to execute arbitrary code. This issue is considered low severity due to the specific conditions required for exploitation, including the need for an extremely large certificate and a 32-bit operating environment.", "issued": "2026-04-07T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-31789 https://bugzilla.redhat.com/show_bug.cgi?id=2451095 https://www.cve.org/CVERecord?id=CVE-2026-31789 https://nvd.nist.gov/vuln/detail/CVE-2026-31789 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-31789.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "Bgew407C4GMDdNe8dNeN7w==": { "id": "Bgew407C4GMDdNe8dNeN7w==", "updater": "rhel-vex", "name": "CVE-2024-52615", "description": "A flaw was found in Avahi-daemon, which relies on fixed source ports for wide-area DNS queries. This issue simplifies attacks where malicious DNS responses are injected.", "issued": "2024-11-15T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-52615 https://bugzilla.redhat.com/show_bug.cgi?id=2326418 https://www.cve.org/CVERecord?id=CVE-2024-52615 https://nvd.nist.gov/vuln/detail/CVE-2024-52615 https://github.com/avahi/avahi/pull/577 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-52615.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "avahi", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "BooDzA4nzaDI1l3E5zAHgg==": { "id": "BooDzA4nzaDI1l3E5zAHgg==", "updater": "rhel-vex", "name": "CVE-2021-3997", "description": "A flaw was found in systemd. An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.", "issued": "2022-01-10T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-3997 https://bugzilla.redhat.com/show_bug.cgi?id=2024639 https://www.cve.org/CVERecord?id=CVE-2021-3997 https://nvd.nist.gov/vuln/detail/CVE-2021-3997 https://www.openwall.com/lists/oss-security/2022/01/10/2 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-3997.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "systemd", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "Cz+nwSXEXv91W0XvZNqCqw==": { "id": "Cz+nwSXEXv91W0XvZNqCqw==", "updater": "rhel-vex", "name": "CVE-2026-5435", "description": "A flaw was found in glibc, the GNU C Library. Specifically, deprecated functions responsible for printing TSIG (Transaction Signature) records fail to properly manage memory buffers. This oversight can lead to an out-of-bounds write when processing specially crafted TSIG records. An attacker could exploit this to cause a denial of service or potentially execute arbitrary code.", "issued": "2026-04-28T11:58:54Z", "links": "https://access.redhat.com/security/cve/CVE-2026-5435 https://bugzilla.redhat.com/show_bug.cgi?id=2463465 https://www.cve.org/CVERecord?id=CVE-2026-5435 https://nvd.nist.gov/vuln/detail/CVE-2026-5435 https://inbox.sourceware.org/libc-announce/7a655d55-276f-41fe-b550-feb3ebb2ce91@redhat.com/T/#u https://sourceware.org/bugzilla/show_bug.cgi?id=34033 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-5435.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "DDWmqlxBSfXi2KJJ5mwTNg==": { "id": "DDWmqlxBSfXi2KJJ5mwTNg==", "updater": "rhel-vex", "name": "CVE-2025-60753", "description": "A vulnerability in apply_substitution() function in libarchive's bsdtar allows crafted -s substitution rules to repeatedly match a zero-length substring and append replacements without advancing the input pointer. When the rule uses the global /g flag (or an explicitly empty pattern), this leads to unbounded output allocation and eventual process OOM (Denial of Service). Upgrade to libarchive 3.8.1 or apply a patch that prevents zero-length match loops or rejects empty patterns.", "issued": "2025-11-05T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-60753 https://bugzilla.redhat.com/show_bug.cgi?id=2412648 https://www.cve.org/CVERecord?id=CVE-2025-60753 https://nvd.nist.gov/vuln/detail/CVE-2025-60753 https://github.com/Papya-j/CVE/tree/main/CVE-2025-60753 https://github.com/libarchive/libarchive/issues/2725 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-60753.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libarchive", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "EKs36DFwHVCzU/cF0Be9pQ==": { "id": "EKs36DFwHVCzU/cF0Be9pQ==", "updater": "rhel-vex", "name": "CVE-2023-29499", "description": "A flaw was found in GLib. GVariant deserialization fails to validate that the input conforms to the expected format, leading to denial of service.", "issued": "2022-12-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-29499 https://bugzilla.redhat.com/show_bug.cgi?id=2211828 https://www.cve.org/CVERecord?id=CVE-2023-29499 https://nvd.nist.gov/vuln/detail/CVE-2023-29499 https://gitlab.gnome.org/GNOME/glib/-/issues/2794 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-29499.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "glib2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "EQ4eP3gKo3y8JsWUiWr6+g==": { "id": "EQ4eP3gKo3y8JsWUiWr6+g==", "updater": "rhel-vex", "name": "CVE-2018-1000880", "description": "libarchive version commit 9693801580c0cf7c70e862d305270a16b52826a7 onwards (release v3.2.0 onwards) contains a CWE-20: Improper Input Validation vulnerability in WARC parser - libarchive/archive_read_support_format_warc.c, _warc_read() that can result in DoS - quasi-infinite run time and disk usage from tiny file. This attack appear to be exploitable via the victim must open a specially crafted WARC file.", "issued": "2018-11-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2018-1000880 https://bugzilla.redhat.com/show_bug.cgi?id=1663892 https://www.cve.org/CVERecord?id=CVE-2018-1000880 https://nvd.nist.gov/vuln/detail/CVE-2018-1000880 https://security.access.redhat.com/data/csaf/v2/vex/2018/cve-2018-1000880.json", "severity": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libarchive", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "EiJx6rOT8KoLX+Wu7/N6HQ==": { "id": "EiJx6rOT8KoLX+Wu7/N6HQ==", "updater": "rhel-vex", "name": "CVE-2025-27113", "description": "A flaw was found in libxml2. This vulnerability allows a NULL pointer dereference, leading to a potential crash or denial of service via a crafted XML pattern.", "issued": "2025-02-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-27113 https://bugzilla.redhat.com/show_bug.cgi?id=2346410 https://www.cve.org/CVERecord?id=CVE-2025-27113 https://nvd.nist.gov/vuln/detail/CVE-2025-27113 https://gitlab.gnome.org/GNOME/libxml2/-/issues/861 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-27113.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libxml2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "EiL50P2QSOoRA18XAAH6Pg==": { "id": "EiL50P2QSOoRA18XAAH6Pg==", "updater": "rhel-vex", "name": "CVE-2023-32665", "description": "A flaw was found in GLib. GVariant deserialization is vulnerable to an exponential blowup issue where a crafted GVariant can cause excessive processing, leading to denial of service.", "issued": "2022-12-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-32665 https://bugzilla.redhat.com/show_bug.cgi?id=2211827 https://www.cve.org/CVERecord?id=CVE-2023-32665 https://nvd.nist.gov/vuln/detail/CVE-2023-32665 https://gitlab.gnome.org/GNOME/glib/-/issues/2121 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-32665.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "glib2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "ElIjMFAz33tt/XVMysRkdA==": { "id": "ElIjMFAz33tt/XVMysRkdA==", "updater": "rhel-vex", "name": "CVE-2026-0988", "description": "A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. This can cause application crashes, leading to a Denial of Service (DoS).", "issued": "2026-01-15T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-0988 https://bugzilla.redhat.com/show_bug.cgi?id=2429886 https://www.cve.org/CVERecord?id=CVE-2026-0988 https://nvd.nist.gov/vuln/detail/CVE-2026-0988 https://gitlab.gnome.org/GNOME/glib/-/issues/3851 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-0988.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "glib2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "Elb2DrZLO9/IaIc7rSPVUg==": { "id": "Elb2DrZLO9/IaIc7rSPVUg==", "updater": "rhel-vex", "name": "CVE-2026-40355", "description": "A flaw was found in MIT Kerberos 5 (krb5). An unauthenticated remote attacker can exploit a NULL pointer dereference vulnerability by calling `gss_accept_sec_context()` on a system with a NegoEx mechanism registered. This can lead to the termination of the process, resulting in a Denial of Service (DoS).", "issued": "2026-04-28T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-40355 https://bugzilla.redhat.com/show_bug.cgi?id=2463370 https://www.cve.org/CVERecord?id=CVE-2026-40355 https://nvd.nist.gov/vuln/detail/CVE-2026-40355 https://cems.fun/2026/04/27/krb5-two-unauthenticated-network-vulnerabilities.html https://github.com/krb5/krb5/commit/2e75f0d9362fb979f5fc92829431a590a130929f https://web.mit.edu/kerberos/advisories/ https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-40355.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "krb5", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "FkRDB0vpJYeh2ipqLS0/Iw==": { "id": "FkRDB0vpJYeh2ipqLS0/Iw==", "updater": "rhel-vex", "name": "CVE-2025-28164", "description": "A flaw was found in libpng. This buffer overflow vulnerability allows a local attacker to cause a denial of service (DoS) by exploiting the `png_create_read_struct()` function. This can lead to the affected system becoming unresponsive or crashing.", "issued": "2026-01-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-28164 https://bugzilla.redhat.com/show_bug.cgi?id=2433398 https://www.cve.org/CVERecord?id=CVE-2025-28164 https://nvd.nist.gov/vuln/detail/CVE-2025-28164 https://gist.github.com/kittener/506516f8c22178005b4379c8b2a7de20 https://github.com/pnggroup/libpng/issues/655 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-28164.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "java-17-openjdk", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "Fp999hDC/lucBsNHwOlp/A==": { "id": "Fp999hDC/lucBsNHwOlp/A==", "updater": "rhel-vex", "name": "CVE-2024-13176", "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.", "issued": "2025-01-20T13:29:57Z", "links": "https://access.redhat.com/security/cve/CVE-2024-13176 https://bugzilla.redhat.com/show_bug.cgi?id=2338999 https://www.cve.org/CVERecord?id=CVE-2024-13176 https://nvd.nist.gov/vuln/detail/CVE-2024-13176 https://www.oracle.com/security-alerts/cpuapr2025.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-13176.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "G7IyfoPhe9f8QzIGbOfn7Q==": { "id": "G7IyfoPhe9f8QzIGbOfn7Q==", "updater": "rhel-vex", "name": "CVE-2023-45322", "description": "A flaw was found in libxml2. In an out-of-memory condition or when limiting the memory allocation, processing a XML document using the HTML parser may result in a use-after-free vulnerability.", "issued": "2023-08-23T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-45322 https://bugzilla.redhat.com/show_bug.cgi?id=2242945 https://www.cve.org/CVERecord?id=CVE-2023-45322 https://nvd.nist.gov/vuln/detail/CVE-2023-45322 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45322.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "libxml2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "H2CablNBrQ/I5AsUjk5xyw==": { "id": "H2CablNBrQ/I5AsUjk5xyw==", "updater": "rhel-vex", "name": "CVE-2018-20839", "description": "systemd 242 changes the VT1 mode upon a logout, which allows attackers to read cleartext passwords in certain circumstances, such as watching a shutdown, or using Ctrl-Alt-F1 and Ctrl-Alt-F2. This occurs because the KDGKBMODE (aka current keyboard mode) check is mishandled.", "issued": "2019-05-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2018-20839 https://bugzilla.redhat.com/show_bug.cgi?id=1716955 https://www.cve.org/CVERecord?id=CVE-2018-20839 https://nvd.nist.gov/vuln/detail/CVE-2018-20839 https://security.access.redhat.com/data/csaf/v2/vex/2018/cve-2018-20839.json", "severity": "CVSS:3.0/AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "systemd", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "H9Ud41wofJc/QlL6Rm7WkA==": { "id": "H9Ud41wofJc/QlL6Rm7WkA==", "updater": "rhel-vex", "name": "CVE-2026-0968", "description": "A flaw was found in libssh in which a malicious SFTP (SSH File Transfer Protocol) server can exploit this by sending a malformed 'longname' field within an `SSH_FXP_NAME` message during a file listing operation. This missing null check can lead to reading beyond allocated memory on the heap. This can cause unexpected behavior or lead to a denial of service (DoS) due to application crashes.", "issued": "2026-02-10T18:46:58Z", "links": "https://access.redhat.com/security/cve/CVE-2026-0968 https://bugzilla.redhat.com/show_bug.cgi?id=2436982 https://www.cve.org/CVERecord?id=CVE-2026-0968 https://nvd.nist.gov/vuln/detail/CVE-2026-0968 https://www.libssh.org/2026/02/10/libssh-0-12-0-and-0-11-4-security-releases/ https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-0968.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libssh", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "HB9r/GLycEmk6aXttwtBlw==": { "id": "HB9r/GLycEmk6aXttwtBlw==", "updater": "rhel-vex", "name": "CVE-2025-11468", "description": "Missing character filtering has been discovered in Python. When folding a long comment in an email header containing exclusively unfoldable characters, the parenthesis would not be preserved. This could be used for injecting headers into email messages where addresses are user-controlled and not sanitized.", "issued": "2026-01-20T21:09:11Z", "links": "https://access.redhat.com/security/cve/CVE-2025-11468 https://bugzilla.redhat.com/show_bug.cgi?id=2431375 https://www.cve.org/CVERecord?id=CVE-2025-11468 https://nvd.nist.gov/vuln/detail/CVE-2025-11468 https://github.com/python/cpython/issues/143935 https://github.com/python/cpython/pull/143936 https://mail.python.org/archives/list/security-announce@python.org/thread/FELSEOLBI2QR6YLG6Q7VYF7FWSGQTKLI/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-11468.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python3", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "HKrLnQyTw1292mNt3MQ0aQ==": { "id": "HKrLnQyTw1292mNt3MQ0aQ==", "updater": "rhel-vex", "name": "CVE-2024-7592", "description": "A flaw was found in the `http.cookies` module in the Python package. When parsing cookies that contain backslashes, under certain circumstances, the module uses an algorithm with quadratic complexity, leading to excessive CPU consumption.", "issued": "2024-08-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-7592 https://bugzilla.redhat.com/show_bug.cgi?id=2305879 https://www.cve.org/CVERecord?id=CVE-2024-7592 https://nvd.nist.gov/vuln/detail/CVE-2024-7592 https://github.com/python/cpython/issues/123067 https://github.com/python/cpython/pull/123075 https://mail.python.org/archives/list/security-announce@python.org/thread/HXJAAAALNUNGCQUS2W7WR6GFIZIHFOOK/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7592.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "python3", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "HNpGGr9eP5twQKC3yCh1mA==": { "id": "HNpGGr9eP5twQKC3yCh1mA==", "updater": "rhel-vex", "name": "CVE-2025-5915", "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", "issued": "2025-05-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-5915 https://bugzilla.redhat.com/show_bug.cgi?id=2370865 https://www.cve.org/CVERecord?id=CVE-2025-5915 https://nvd.nist.gov/vuln/detail/CVE-2025-5915 https://github.com/libarchive/libarchive/pull/2599 https://github.com/libarchive/libarchive/releases/tag/v3.8.0 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-5915.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "libarchive", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "HTk+AAyRWNCrZTtBLx34Aw==": { "id": "HTk+AAyRWNCrZTtBLx34Aw==", "updater": "rhel-vex", "name": "CVE-2024-25260", "description": "A NULL pointer dereference vulnerability in the elfutils library has been discovered. This vulnerability occurs within the handle_verdef() function in the readelf.c source file. A NULL pointer dereference typically happens when a program attempts to access memory using a pointer that is not pointing anywhere (i.e., it's NULL), leading to a crash or potentially exploitable behavior.", "issued": "2024-02-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-25260 https://bugzilla.redhat.com/show_bug.cgi?id=2265194 https://www.cve.org/CVERecord?id=CVE-2024-25260 https://nvd.nist.gov/vuln/detail/CVE-2024-25260 https://github.com/schsiung/fuzzer_issues/issues/1 https://sourceware.org/bugzilla/show_bug.cgi?id=31058 https://sourceware.org/elfutils/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-25260.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "elfutils", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "HdAyLUATPStr/HXiy9fgQw==": { "id": "HdAyLUATPStr/HXiy9fgQw==", "updater": "rhel-vex", "name": "CVE-2026-0990", "description": "A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI function when an XML catalog contains a delegate URI entry that references itself. A remote attacker could exploit this configuration-dependent issue by providing a specially crafted XML catalog, leading to infinite recursion and call stack exhaustion. This ultimately results in a segmentation fault, causing a Denial of Service (DoS) by crashing affected applications.", "issued": "2026-01-15T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-0990 https://bugzilla.redhat.com/show_bug.cgi?id=2429959 https://www.cve.org/CVERecord?id=CVE-2026-0990 https://nvd.nist.gov/vuln/detail/CVE-2026-0990 https://gitlab.gnome.org/GNOME/libxml2/-/issues/1018 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-0990.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libxml2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "HuLJLN6ajygY/CpLyzV5lw==": { "id": "HuLJLN6ajygY/CpLyzV5lw==", "updater": "rhel-vex", "name": "CVE-2023-45803", "description": "A flaw was found in urllib3, an HTTP client library for Python. urllib3 doesn't remove the HTTP request body when an HTTP redirect response using status 301, 302, or 303, after changing the method in a request from one that could accept a request body such as `POST` to `GET`, as is required by HTTP RFCs. This issue requires a previously trusted service to become compromised in order to have an impact on confidentiality, therefore, the exploitability of this vulnerability is low. Additionally, many users aren't putting sensitive data in HTTP request bodies; if this is the case, this vulnerability isn't exploitable.", "issued": "2023-10-13T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-45803 https://bugzilla.redhat.com/show_bug.cgi?id=2246840 https://www.cve.org/CVERecord?id=CVE-2023-45803 https://nvd.nist.gov/vuln/detail/CVE-2023-45803 https://github.com/urllib3/urllib3/commit/4e98d57809dacab1cbe625fddeec1a290c478ea9 https://github.com/urllib3/urllib3/security/advisories/GHSA-g4mx-q9vg-27p4 https://www.rfc-editor.org/rfc/rfc9110.html#name-get https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45803.json", "severity": "CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python-pip", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "HuOxI+pWjgGV0XsBvltzlg==": { "id": "HuOxI+pWjgGV0XsBvltzlg==", "updater": "rhel-vex", "name": "CVE-2020-19187", "description": "A flaw was found in the ncurses library. This issue occurs when processing a crafted terminfo database, causing a heap-based buffer overflow, resulting in an application crash, leading to a denial of service.", "issued": "2019-05-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2020-19187 https://bugzilla.redhat.com/show_bug.cgi?id=2234911 https://www.cve.org/CVERecord?id=CVE-2020-19187 https://nvd.nist.gov/vuln/detail/CVE-2020-19187 https://security.access.redhat.com/data/csaf/v2/vex/2020/cve-2020-19187.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "ncurses", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "I31WPu2ZGWOsqloSJfE2Fg==": { "id": "I31WPu2ZGWOsqloSJfE2Fg==", "updater": "rhel-vex", "name": "CVE-2026-25646", "description": "A heap based buffer overflow flaw has been discovered in LibPNG. Prior to version 1.6.55, an out-of-bounds read vulnerability exists in the png_set_quantize() API function. When the function is called with no histogram and the number of colors in the palette is more than twice the maximum supported by the user's display, certain palettes will cause the function to enter into an infinite loop that reads past the end of an internal heap-allocated buffer. The images that trigger this vulnerability are valid per the PNG specification.", "issued": "2026-02-10T17:04:38Z", "links": "https://access.redhat.com/security/cve/CVE-2026-25646 https://bugzilla.redhat.com/show_bug.cgi?id=2438542 https://www.cve.org/CVERecord?id=CVE-2026-25646 https://nvd.nist.gov/vuln/detail/CVE-2026-25646 http://www.openwall.com/lists/oss-security/2026/02/09/7 https://github.com/pnggroup/libpng/commit/01d03b8453eb30ade759cd45c707e5a1c7277d88 https://github.com/pnggroup/libpng/security/advisories/GHSA-g8hp-mq4h-rqm3 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-25646.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H", "normalized_severity": "High", "package": { "id": "", "name": "java-17-openjdk", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "IItHEdPWz5fl9O7ZhzjDAA==": { "id": "IItHEdPWz5fl9O7ZhzjDAA==", "updater": "rhel-vex", "name": "CVE-2026-0672", "description": "An injection flaw has been discovered in Python. When using http.cookies.Morsel, user-controlled cookie values and parameters can allow injecting HTTP headers into messages. Patch rejects all control characters within cookie names, values, and parameters.", "issued": "2026-01-20T21:52:33Z", "links": "https://access.redhat.com/security/cve/CVE-2026-0672 https://bugzilla.redhat.com/show_bug.cgi?id=2431374 https://www.cve.org/CVERecord?id=CVE-2026-0672 https://nvd.nist.gov/vuln/detail/CVE-2026-0672 https://github.com/python/cpython/issues/143919 https://github.com/python/cpython/pull/143920 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-0672.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python3", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "J5qRb3W5uqqCGngAp6UZrg==": { "id": "J5qRb3W5uqqCGngAp6UZrg==", "updater": "rhel-vex", "name": "CVE-2026-5450", "description": "A flaw was found in glibc (GNU C Library). This vulnerability occurs when an application uses the `scanf` family of functions with a `%mc` format specifier, which is used for dynamically allocating memory for character input, and provides an explicit width greater than 1024. This specific combination can lead to a one-byte heap buffer overflow, potentially allowing an attacker to corrupt memory.", "issued": "2026-04-20T20:55:41Z", "links": "https://access.redhat.com/security/cve/CVE-2026-5450 https://bugzilla.redhat.com/show_bug.cgi?id=2459853 https://www.cve.org/CVERecord?id=CVE-2026-5450 https://nvd.nist.gov/vuln/detail/CVE-2026-5450 https://inbox.sourceware.org/libc-announce/b11f0003-6ec1-4bd6-b9de-9e38a4efeca3@redhat.com/T/#u https://nvd.nist.gov/vuln/detail/CVE-2026-5450#range-21286997 https://sourceware.org/bugzilla/show_bug.cgi?id=CVE-2026-5450 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-5450.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "K3eafQ/8P8PEZ3BPWZfCgg==": { "id": "K3eafQ/8P8PEZ3BPWZfCgg==", "updater": "rhel-vex", "name": "CVE-2026-27447", "description": "A flaw was found in OpenPrinting CUPS. This authorization bypass vulnerability allows an unprivileged user to gain unauthorized access to restricted operations. This can be exploited by using a username that differs only in case from an authorized user during authorization checks.", "issued": "2026-04-03T21:11:59Z", "links": "https://access.redhat.com/security/cve/CVE-2026-27447 https://bugzilla.redhat.com/show_bug.cgi?id=2454949 https://www.cve.org/CVERecord?id=CVE-2026-27447 https://nvd.nist.gov/vuln/detail/CVE-2026-27447 https://github.com/OpenPrinting/cups/commit/88516bf6d9e34cef7a64a704b856b837f70cd220 https://github.com/OpenPrinting/cups/security/advisories/GHSA-v987-m8hp-phj9 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-27447.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "cups", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "KCgCqCavM9U0xL+GHJqzSg==": { "id": "KCgCqCavM9U0xL+GHJqzSg==", "updater": "rhel-vex", "name": "CVE-2026-0964", "description": "A malicious SCP server can send unexpected paths that could make the\nclient application override local files outside of working directory.\nThis could be misused to create malicious executable or configuration\nfiles and make the user execute them under specific consequences.\n\nThis is the same issue as in OpenSSH, tracked as CVE-2019-6111.", "issued": "2026-02-10T18:44:42Z", "links": "https://access.redhat.com/security/cve/CVE-2026-0964 https://bugzilla.redhat.com/show_bug.cgi?id=2436979 https://www.cve.org/CVERecord?id=CVE-2026-0964 https://nvd.nist.gov/vuln/detail/CVE-2026-0964 https://www.libssh.org/2026/02/10/libssh-0-12-0-and-0-11-4-security-releases/ https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-0964.json", "severity": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "libssh", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "KExChYIaW0MvXNLWbjS/Hw==": { "id": "KExChYIaW0MvXNLWbjS/Hw==", "updater": "rhel-vex", "name": "CVE-2026-41080", "description": "A flaw was found in libexpat. A remote attacker could exploit this vulnerability by providing a specially crafted XML document that leverages insufficient entropy in the hash function. This can lead to hash flooding, a type of Denial of Service (DoS) attack, where the system becomes unresponsive or crashes due to excessive resource consumption.", "issued": "2026-04-16T16:52:01Z", "links": "https://access.redhat.com/security/cve/CVE-2026-41080 https://bugzilla.redhat.com/show_bug.cgi?id=2458967 https://www.cve.org/CVERecord?id=CVE-2026-41080 https://nvd.nist.gov/vuln/detail/CVE-2026-41080 https://github.com/libexpat/libexpat/issues/47 https://github.com/libexpat/libexpat/pull/1183 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-41080.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "expat", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "KaROgE0QmtiOixMG9Wi1RA==": { "id": "KaROgE0QmtiOixMG9Wi1RA==", "updater": "rhel-vex", "name": "CVE-2023-32636", "description": "A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499.", "issued": "2022-12-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-32636 https://bugzilla.redhat.com/show_bug.cgi?id=2211833 https://www.cve.org/CVERecord?id=CVE-2023-32636 https://nvd.nist.gov/vuln/detail/CVE-2023-32636 https://discourse.gnome.org/t/multiple-fixes-for-gvariant-normalisation-issues-in-glib/12835 https://gitlab.gnome.org/GNOME/glib/-/issues/2841 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-32636.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "glib2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "L3k0cIIlkMGQFiWnZm8Mlg==": { "id": "L3k0cIIlkMGQFiWnZm8Mlg==", "updater": "rhel-vex", "name": "CVE-2025-12781", "description": "A flaw was found in the base64 module in the Python standard library. The b64decode, standard_b64decode and urlsafe_b64decode functions will always accept the '+' and '/' characters even when an alternative base64 alphabet is specified via the altchars parameter that excludes them. This input validation bypass allows malformed or unexpected data to pass through decoding filters, potentially causing logical errors or data integrity issues in applications relying on strict character sets.", "issued": "2026-01-21T19:34:47Z", "links": "https://access.redhat.com/security/cve/CVE-2025-12781 https://bugzilla.redhat.com/show_bug.cgi?id=2431736 https://www.cve.org/CVERecord?id=CVE-2025-12781 https://nvd.nist.gov/vuln/detail/CVE-2025-12781 https://github.com/python/cpython/issues/125346 https://github.com/python/cpython/pull/141128 https://mail.python.org/archives/list/security-announce@python.org/thread/KRI7GC6S27YV5NJ4FPDALS2WI5ENAFJ6/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-12781.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python3", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "L7QbkTbsy8v3tMfOqNsVKQ==": { "id": "L7QbkTbsy8v3tMfOqNsVKQ==", "updater": "rhel-vex", "name": "CVE-2024-7531", "description": "The Mozilla Foundation Security Advisory describes this flaw as:\n\nCalling PK11_Encrypt() in NSS using CKM_CHACHA20 and the same buffer for input and output can result in plaintext on Intel Sandy Bridge and later processors. In Firefox this only affects the QUIC header protection feature when the connection is using the ChaCha20-Poly1305 cipher suite. The most likely outcome is connection failure, but if the connection persists despite the high packet loss it could be possible for a network observer to identify packets as coming from the same source despite a network path change.", "issued": "2024-08-06T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-7531 https://bugzilla.redhat.com/show_bug.cgi?id=2303148 https://www.cve.org/CVERecord?id=CVE-2024-7531 https://nvd.nist.gov/vuln/detail/CVE-2024-7531 https://www.mozilla.org/en-US/security/advisories/mfsa2024-34/#CVE-2024-7531 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7531.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "nss", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "LTmcTrhW8bJGvJXJVPjm/g==": { "id": "LTmcTrhW8bJGvJXJVPjm/g==", "updater": "rhel-vex", "name": "CVE-2026-24515", "description": "A null pointer dereference flaw has been discovered in libexpat. The function `XML_ExternalEntityParserCreate` failed to copy the encoding handler data passed to XML_SetUnknownEncodingHandler from the parent to the new subparser. This can cause a NULL dereference from external entities that declare use of an unknown encoding. The expected impact is denial of service. It takes use of both functions `XML_ExternalEntityParserCreate` and `XML_SetUnknownEncodingHandler` for an application to be vulnerable.", "issued": "2026-01-23T07:46:36Z", "links": "https://access.redhat.com/security/cve/CVE-2026-24515 https://bugzilla.redhat.com/show_bug.cgi?id=2432312 https://www.cve.org/CVERecord?id=CVE-2026-24515 https://nvd.nist.gov/vuln/detail/CVE-2026-24515 https://github.com/libexpat/libexpat/pull/1131 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-24515.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "expat", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "LWLSX4FCLbzYWK97i5Or+A==": { "id": "LWLSX4FCLbzYWK97i5Or+A==", "updater": "rhel-vex", "name": "CVE-2026-28389", "description": "A flaw was found in OpenSSL. A remote attacker could exploit this by sending a specially crafted Cryptographic Message Syntax (CMS) EnvelopedData message with KeyAgreeRecipientInfo. This vulnerability arises because the software attempts to process an optional field without verifying its existence, leading to a NULL pointer dereference. This can result in a Denial of Service (DoS) for applications that handle untrusted CMS data.", "issued": "2026-04-07T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-28389 https://bugzilla.redhat.com/show_bug.cgi?id=2451096 https://www.cve.org/CVERecord?id=CVE-2026-28389 https://nvd.nist.gov/vuln/detail/CVE-2026-28389 https://openssl-library.org/news/secadv/20260407.txt https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-28389.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "Lt2Hg7sVYgz0GD7ldFmjjA==": { "id": "Lt2Hg7sVYgz0GD7ldFmjjA==", "updater": "rhel-vex", "name": "CVE-2026-32777", "description": "A flaw was found in libexpat. A remote attacker could exploit this vulnerability by providing specially crafted Document Type Definition (DTD) content. This could lead to an infinite loop during parsing, resulting in a Denial of Service (DoS) for the application using libexpat.", "issued": "2026-03-16T06:58:06Z", "links": "https://access.redhat.com/security/cve/CVE-2026-32777 https://bugzilla.redhat.com/show_bug.cgi?id=2447890 https://www.cve.org/CVERecord?id=CVE-2026-32777 https://nvd.nist.gov/vuln/detail/CVE-2026-32777 https://github.com/libexpat/libexpat/issues/1161 https://github.com/libexpat/libexpat/pull/1159 https://github.com/libexpat/libexpat/pull/1162 https://issues.oss-fuzz.com/issues/486993411 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-32777.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "expat", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "MRnBR1NwPejsF0F/Po53Ew==": { "id": "MRnBR1NwPejsF0F/Po53Ew==", "updater": "rhel-vex", "name": "CVE-2019-8905", "description": "do_core_note in readelf.c in libmagic.a in file 5.35 has a stack-based buffer over-read, related to file_printable, a different vulnerability than CVE-2018-10360.", "issued": "2019-02-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2019-8905 https://bugzilla.redhat.com/show_bug.cgi?id=1679181 https://www.cve.org/CVERecord?id=CVE-2019-8905 https://nvd.nist.gov/vuln/detail/CVE-2019-8905 https://security.access.redhat.com/data/csaf/v2/vex/2019/cve-2019-8905.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "file", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "MW3KGjkk7BWuR5JCc6cywg==": { "id": "MW3KGjkk7BWuR5JCc6cywg==", "updater": "rhel-vex", "name": "CVE-2024-52616", "description": "A flaw was found in the Avahi-daemon, where it initializes DNS transaction IDs randomly only once at startup, incrementing them sequentially after that. This predictable behavior facilitates DNS spoofing attacks, allowing attackers to guess transaction IDs.", "issued": "2024-11-15T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-52616 https://bugzilla.redhat.com/show_bug.cgi?id=2326429 https://www.cve.org/CVERecord?id=CVE-2024-52616 https://nvd.nist.gov/vuln/detail/CVE-2024-52616 https://github.com/avahi/avahi/pull/577 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-52616.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "avahi", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "O6eQrDqYe8zCvECWFMIzFQ==": { "id": "O6eQrDqYe8zCvECWFMIzFQ==", "updater": "rhel-vex", "name": "CVE-2019-8906", "description": "do_core_note in readelf.c in libmagic.a in file 5.35 has an out-of-bounds read because memcpy is misused.", "issued": "2019-01-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2019-8906 https://bugzilla.redhat.com/show_bug.cgi?id=1679175 https://www.cve.org/CVERecord?id=CVE-2019-8906 https://nvd.nist.gov/vuln/detail/CVE-2019-8906 https://security.access.redhat.com/data/csaf/v2/vex/2019/cve-2019-8906.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "file", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "O8fIVXqcGshIonMWsEH9gA==": { "id": "O8fIVXqcGshIonMWsEH9gA==", "updater": "rhel-vex", "name": "CVE-2025-5916", "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", "issued": "2025-05-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-5916 https://bugzilla.redhat.com/show_bug.cgi?id=2370872 https://www.cve.org/CVERecord?id=CVE-2025-5916 https://nvd.nist.gov/vuln/detail/CVE-2025-5916 https://github.com/libarchive/libarchive/pull/2568 https://github.com/libarchive/libarchive/releases/tag/v3.8.0 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-5916.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libarchive", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "OFdQC3/0S5rItoyqpACTFw==": { "id": "OFdQC3/0S5rItoyqpACTFw==", "updater": "rhel-vex", "name": "CVE-2026-4224", "description": "A stack overflow flaw has been discovered in the python pyexpat module. When an Expat parser with a registered ElementDeclHandler parses an inline document type definition containing a deeply nested content model a C stack overflow occurs. This will result in a program crash.", "issued": "2026-03-16T17:52:26Z", "links": "https://access.redhat.com/security/cve/CVE-2026-4224 https://bugzilla.redhat.com/show_bug.cgi?id=2448181 https://www.cve.org/CVERecord?id=CVE-2026-4224 https://nvd.nist.gov/vuln/detail/CVE-2026-4224 https://github.com/python/cpython/commit/196edfb06a7458377d4d0f4b3cd41724c1f3bd4a https://github.com/python/cpython/commit/e0a8a6da90597a924b300debe045cdb4628ee1f3 https://github.com/python/cpython/commit/eb0e8be3a7e11b87d198a2c3af1ed0eccf532768 https://github.com/python/cpython/issues/145986 https://github.com/python/cpython/pull/145987 https://mail.python.org/archives/list/security-announce@python.org/thread/5M7CGUW3XBRY7II4DK43KF7NQQ3TPZ6R/ https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-4224.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "python3", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "OGfYu06hscS+jx5HR8e1UQ==": { "id": "OGfYu06hscS+jx5HR8e1UQ==", "updater": "rhel-vex", "name": "CVE-2026-33845", "description": "A flaw in GnuTLS DTLS handshake parsing allows malformed fragments with zero length and non-zero offset, leading to an integer underflow during reassembly and resulting in an out-of-bounds read. This issue is remotely exploitable and may cause information disclosure or denial of service.", "issued": "2026-04-30T17:28:41Z", "links": "https://access.redhat.com/security/cve/CVE-2026-33845 https://bugzilla.redhat.com/show_bug.cgi?id=2450624 https://www.cve.org/CVERecord?id=CVE-2026-33845 https://nvd.nist.gov/vuln/detail/CVE-2026-33845 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-33845.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "gnutls", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "OLKvdPVgT9/lPcflJTxE3Q==": { "id": "OLKvdPVgT9/lPcflJTxE3Q==", "updater": "rhel-vex", "name": "CVE-2025-68160", "description": "A flaw was found in OpenSSL. This vulnerability involves an out-of-bounds write in the line-buffering BIO filter, which can lead to memory corruption. While exploitation is unlikely to be under direct attacker control, a successful attack could cause an application to crash, resulting in a Denial of Service (DoS).", "issued": "2026-01-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-68160 https://bugzilla.redhat.com/show_bug.cgi?id=2430380 https://www.cve.org/CVERecord?id=CVE-2025-68160 https://nvd.nist.gov/vuln/detail/CVE-2025-68160 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-68160.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "OPNDKUsVLJt2v1gO1zvkBA==": { "id": "OPNDKUsVLJt2v1gO1zvkBA==", "updater": "rhel-vex", "name": "CVE-2025-1632", "description": "A flaw was found in the bsdunzip utility of libarchive. In affected versions, a specially crafted file may trigger a null pointer dereference. This issue can lead to an application crash or other unexpected behavior. This bug does not compromise the integrity or availability of the base system.", "issued": "2025-02-24T13:31:08Z", "links": "https://access.redhat.com/security/cve/CVE-2025-1632 https://bugzilla.redhat.com/show_bug.cgi?id=2347309 https://www.cve.org/CVERecord?id=CVE-2025-1632 https://nvd.nist.gov/vuln/detail/CVE-2025-1632 https://github.com/Ekkosun/pocs/blob/main/bsdunzip-poc https://vuldb.com/?ctiid.296619 https://vuldb.com/?id.296619 https://vuldb.com/?submit.496460 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-1632.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libarchive", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "OTZM0RD60ajdSeEqWGkkTw==": { "id": "OTZM0RD60ajdSeEqWGkkTw==", "updater": "rhel-vex", "name": "CVE-2026-26740", "description": "A flaw was found in giflib. A remote attacker can exploit a buffer overflow vulnerability in the EGifGCBToExtension function by providing a specially crafted Graphics Control Extension (GCE) block. This allows overwriting an existing GCE block without proper size validation, leading to a denial of service (DoS) on the system.", "issued": "2026-03-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-26740 https://bugzilla.redhat.com/show_bug.cgi?id=2448747 https://www.cve.org/CVERecord?id=CVE-2026-26740 https://nvd.nist.gov/vuln/detail/CVE-2026-26740 https://github.com/zakkanijia/POC/blob/main/giflib/giftool/giflib_giftool_gce_len_heap_oobwrite_disclosure.md https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-26740.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "java-17-openjdk", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "OgFGrvrnAoXXvapnatTrxQ==": { "id": "OgFGrvrnAoXXvapnatTrxQ==", "updater": "rhel-vex", "name": "CVE-2026-0965", "description": "A flaw was found in libssh where it can attempt to open arbitrary files during configuration parsing. A local attacker can exploit this by providing a malicious configuration file or when the system is misconfigured. This vulnerability could lead to a Denial of Service (DoS) by causing the system to try and access dangerous files, such as block devices or large system files, which can disrupt normal operations.", "issued": "2026-02-10T18:47:22Z", "links": "https://access.redhat.com/security/cve/CVE-2026-0965 https://bugzilla.redhat.com/show_bug.cgi?id=2436980 https://www.cve.org/CVERecord?id=CVE-2026-0965 https://nvd.nist.gov/vuln/detail/CVE-2026-0965 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-0965.json", "severity": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libssh", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "Oi3Y6I7JDcoQrQyH+jMXWw==": { "id": "Oi3Y6I7JDcoQrQyH+jMXWw==", "updater": "rhel-vex", "name": "CVE-2025-14087", "description": "A flaw was found in GLib (Gnome Lib). This vulnerability allows a remote attacker to cause heap corruption, leading to a denial of service or potential code execution via a buffer-underflow in the GVariant parser when processing maliciously crafted input strings.", "issued": "2025-12-05T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-14087 https://bugzilla.redhat.com/show_bug.cgi?id=2419093 https://www.cve.org/CVERecord?id=CVE-2025-14087 https://nvd.nist.gov/vuln/detail/CVE-2025-14087 https://gitlab.gnome.org/GNOME/glib/-/issues/3834 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-14087.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "glib2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "OpUahpCA4oBceG962KxTMA==": { "id": "OpUahpCA4oBceG962KxTMA==", "updater": "rhel-vex", "name": "CVE-2026-22796", "description": "A flaw was found in OpenSSL. This type confusion vulnerability allows a remote attacker to cause a denial of service (DoS) by providing specially crafted PKCS#7 data to an application that performs signature verification. The vulnerability occurs because the application accesses an ASN1_TYPE union member without proper type validation, leading to an invalid or NULL pointer dereference and a crash.", "issued": "2026-01-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-22796 https://bugzilla.redhat.com/show_bug.cgi?id=2430390 https://www.cve.org/CVERecord?id=CVE-2026-22796 https://nvd.nist.gov/vuln/detail/CVE-2026-22796 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-22796.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "PcNbuWOo0ahqjfbOQhXvvQ==": { "id": "PcNbuWOo0ahqjfbOQhXvvQ==", "updater": "rhel-vex", "name": "CVE-2024-41996", "description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", "issued": "2024-08-26T06:15:04Z", "links": "https://access.redhat.com/security/cve/CVE-2024-41996 https://bugzilla.redhat.com/show_bug.cgi?id=2307826 https://www.cve.org/CVERecord?id=CVE-2024-41996 https://nvd.nist.gov/vuln/detail/CVE-2024-41996 https://dheatattack.gitlab.io/details/ https://dheatattack.gitlab.io/faq/ https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1 https://github.com/openssl/openssl/issues/17374 https://openssl-library.org/post/2022-10-21-tls-groups-configuration/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-41996.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "Pe4IHqZpuBtuSkrgd2HMEg==": { "id": "Pe4IHqZpuBtuSkrgd2HMEg==", "updater": "rhel-vex", "name": "CVE-2025-13034", "description": "A flaw was found in curl. When configured to use public key pinning with QUIC connections and GnuTLS, and with standard certificate verification explicitly disabled, curl could bypass the intended public key check. This oversight allows a malicious server to impersonate a legitimate one, potentially leading to unauthorized access or information disclosure due to a failure in verifying the server's identity.", "issued": "2026-01-07T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-13034 https://bugzilla.redhat.com/show_bug.cgi?id=2426406 https://www.cve.org/CVERecord?id=CVE-2025-13034 https://nvd.nist.gov/vuln/detail/CVE-2025-13034 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-13034.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "curl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "Q5xJp4zJ1MCYcYbDi9qrdQ==": { "id": "Q5xJp4zJ1MCYcYbDi9qrdQ==", "updater": "rhel-vex", "name": "CVE-2026-25068", "description": "alsa-lib versions 1.2.2 up to and including 1.2.15.2, prior to commit 5f7fe33, contain a heap-based buffer overflow in the topology mixer control decoder. The tplg_decode_control_mixer1() function reads the num_channels field from untrusted .tplg data and uses it as a loop bound without validating it against the fixed-size channel array (SND_TPLG_MAX_CHAN). A crafted topology file with an excessive num_channels value can cause out-of-bounds heap writes, leading to a crash.", "issued": "2026-01-29T19:08:03Z", "links": "https://access.redhat.com/security/cve/CVE-2026-25068 https://bugzilla.redhat.com/show_bug.cgi?id=2435372 https://www.cve.org/CVERecord?id=CVE-2026-25068 https://nvd.nist.gov/vuln/detail/CVE-2026-25068 https://github.com/alsa-project/alsa-lib/commit/5f7fe33002d2d98d84f72e381ec2cccc0d5d3d40 https://www.vulncheck.com/advisories/alsa-lib-topology-decoder-heap-based-buffer-overflow https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-25068.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "alsa-lib", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "QSNBg/XspHcBwSxBTMU4rg==": { "id": "QSNBg/XspHcBwSxBTMU4rg==", "updater": "rhel-vex", "name": "CVE-2025-50181", "description": "A flaw was found in urllib3. The `PoolManager` class allows redirects to be disabled by configuring retries in a specific manner, effectively bypassing intended HTTP redirection behavior. A network attacker can leverage this configuration to manipulate request flows and disrupt service. This bypass occurs through improper handling of retry parameters during PoolManager instantiation. This issue can reult in a denial of service or unintended data exposure due to altered request destinations.", "issued": "2025-06-19T01:08:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-50181 https://bugzilla.redhat.com/show_bug.cgi?id=2373799 https://www.cve.org/CVERecord?id=CVE-2025-50181 https://nvd.nist.gov/vuln/detail/CVE-2025-50181 https://github.com/urllib3/urllib3/commit/f05b1329126d5be6de501f9d1e3e36738bc08857 https://github.com/urllib3/urllib3/security/advisories/GHSA-pq67-6m6q-mj2v https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-50181.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python-pip", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "QUtTYJuHdkAOgtveagWUfA==": { "id": "QUtTYJuHdkAOgtveagWUfA==", "updater": "rhel-vex", "name": "CVE-2023-0466", "description": "A flaw was found in OpenSSL. The X509_VERIFY_PARAM_add0_policy() function is documented to enable the certificate policy check when doing certificate verification implicitly. However, implementing the function does not enable the check, allowing certificates with invalid or incorrect policies to pass the certificate verification. Suddenly enabling the policy check could break existing deployments, so it was decided to keep the existing behavior of the X509_VERIFY_PARAM_add0_policy() function. The applications that require OpenSSL to perform certificate policy check need to use X509_VERIFY_PARAM_set1_policies() or explicitly enable the policy check by calling X509_VERIFY_PARAM_set_flags() with the X509_V_FLAG_POLICY_CHECK flag argument. Certificate policy checks are disabled by default in OpenSSL and are not commonly used by applications.", "issued": "2023-03-28T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-0466 https://bugzilla.redhat.com/show_bug.cgi?id=2182565 https://www.cve.org/CVERecord?id=CVE-2023-0466 https://nvd.nist.gov/vuln/detail/CVE-2023-0466 https://www.openssl.org/news/secadv/20230328.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0466.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "QcOTYeOedG0AUhPSakMpIA==": { "id": "QcOTYeOedG0AUhPSakMpIA==", "updater": "rhel-vex", "name": "CVE-2024-4741", "description": "A use-after-free vulnerability was found in OpenSSL. Calling the OpenSSL API SSL_free_buffers function may cause memory to be accessed that was previously freed in some situations.", "issued": "2024-05-28T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-4741 https://bugzilla.redhat.com/show_bug.cgi?id=2283757 https://www.cve.org/CVERecord?id=CVE-2024-4741 https://nvd.nist.gov/vuln/detail/CVE-2024-4741 https://www.openssl.org/news/secadv/20240528.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4741.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "QwBnC+2unbl7BaURui6Tng==": { "id": "QwBnC+2unbl7BaURui6Tng==", "updater": "rhel-vex", "name": "CVE-2026-3832", "description": "A flaw was found in gnutls. A remote attacker could exploit this vulnerability by presenting a specially crafted Online Certificate Status Protocol (OCSP) response during a TLS handshake. Due to a logic error in how gnutls processes multi-record OCSP responses, a client with OCSP verification enabled may incorrectly accept a revoked server certificate, potentially leading to a compromise of trust.", "issued": "2026-04-30T17:29:25Z", "links": "https://access.redhat.com/security/cve/CVE-2026-3832 https://bugzilla.redhat.com/show_bug.cgi?id=2445762 https://www.cve.org/CVERecord?id=CVE-2026-3832 https://nvd.nist.gov/vuln/detail/CVE-2026-3832 https://gitlab.com/gnutls/gnutls/-/issues/1801 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-3832.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "gnutls", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "RVCidRUm4D1IKoPhoUi2AA==": { "id": "RVCidRUm4D1IKoPhoUi2AA==", "updater": "rhel-vex", "name": "CVE-2019-9674", "description": "A ZIP bomb attack was found in the Python zipfile module. A remote attacker could abuse this flaw by providing a specially crafted ZIP file that, when decompressed by zipfile, would exhaust system resources resulting in a denial of service.", "issued": "2019-03-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2019-9674 https://bugzilla.redhat.com/show_bug.cgi?id=1800749 https://www.cve.org/CVERecord?id=CVE-2019-9674 https://nvd.nist.gov/vuln/detail/CVE-2019-9674 https://security.access.redhat.com/data/csaf/v2/vex/2019/cve-2019-9674.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "python3", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "RXjd5U95osIGXnqCa34Jkg==": { "id": "RXjd5U95osIGXnqCa34Jkg==", "updater": "rhel-vex", "name": "CVE-2026-0989", "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested \u003cinclude\u003e directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", "issued": "2026-01-15T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-0989 https://bugzilla.redhat.com/show_bug.cgi?id=2429933 https://www.cve.org/CVERecord?id=CVE-2026-0989 https://nvd.nist.gov/vuln/detail/CVE-2026-0989 https://gitlab.gnome.org/GNOME/libxml2/-/issues/998 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-0989.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libxml2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "RYqFgDYIttLgJc8B82sK/w==": { "id": "RYqFgDYIttLgJc8B82sK/w==", "updater": "rhel-vex", "name": "CVE-2025-66382", "description": "A flaw was found in libexpat. This vulnerability allows a denial of service (DoS) by processing a crafted file with an approximate size of 2 MiB, leading to dozens of seconds of processing time.", "issued": "2025-11-28T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-66382 https://bugzilla.redhat.com/show_bug.cgi?id=2417661 https://www.cve.org/CVERecord?id=CVE-2025-66382 https://nvd.nist.gov/vuln/detail/CVE-2025-66382 https://github.com/libexpat/libexpat/issues/1076 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-66382.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "expat", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "RdjNn4dAdZKcn6VS95a/SQ==": { "id": "RdjNn4dAdZKcn6VS95a/SQ==", "updater": "rhel-vex", "name": "CVE-2026-39314", "description": "A flaw was found in CUPS, an open-source printing system. An unprivileged local user can exploit an integer underflow vulnerability by providing a negative job-password-supported Internet Printing Protocol (IPP) attribute. This manipulation causes the cupsd root process to crash, which can be repeatedly triggered to achieve a sustained Denial of Service (DoS) on the system.", "issued": "2026-04-07T16:59:23Z", "links": "https://access.redhat.com/security/cve/CVE-2026-39314 https://bugzilla.redhat.com/show_bug.cgi?id=2456107 https://www.cve.org/CVERecord?id=CVE-2026-39314 https://nvd.nist.gov/vuln/detail/CVE-2026-39314 https://github.com/OpenPrinting/cups/security/advisories/GHSA-pp8w-2g52-7vj7 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-39314.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "cups", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "Rfm1tD+QxSP/TVjKFDNabg==": { "id": "Rfm1tD+QxSP/TVjKFDNabg==", "updater": "rhel-vex", "name": "CVE-2026-0967", "description": "A flaw was found in libssh. A remote attacker, by controlling client configuration files or known_hosts files, could craft specific hostnames that when processed by the `match_pattern()` function can lead to inefficient regular expression backtracking. This can cause timeouts and resource exhaustion, resulting in a Denial of Service (DoS) for the client.", "issued": "2026-02-10T18:47:09Z", "links": "https://access.redhat.com/security/cve/CVE-2026-0967 https://bugzilla.redhat.com/show_bug.cgi?id=2436981 https://www.cve.org/CVERecord?id=CVE-2026-0967 https://nvd.nist.gov/vuln/detail/CVE-2026-0967 https://www.libssh.org/2026/02/10/libssh-0-12-0-and-0-11-4-security-releases/ https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-0967.json", "severity": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libssh", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "Rw8DyDlyRHRJOeZaAbGMRA==": { "id": "Rw8DyDlyRHRJOeZaAbGMRA==", "updater": "rhel-vex", "name": "CVE-2025-59529", "description": "A flaw was found in avahi. The simple protocol server ignores the documented client limit and accepts unlimited connections, allowing for easy local Denial of Service.", "issued": "2025-12-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-59529 https://bugzilla.redhat.com/show_bug.cgi?id=2405338 https://www.cve.org/CVERecord?id=CVE-2025-59529 https://nvd.nist.gov/vuln/detail/CVE-2025-59529 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-59529.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "avahi", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "S7qx7a03HASsJhyQafvXjg==": { "id": "S7qx7a03HASsJhyQafvXjg==", "updater": "rhel-vex", "name": "CVE-2018-19211", "description": "In ncurses 6.1, there is a NULL pointer dereference at function _nc_parse_entry in parse_entry.c that will lead to a denial of service attack. The product proceeds to the dereference code path even after a \"dubious character `*' in name or alias field\" detection.", "issued": "2018-10-28T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2018-19211 https://bugzilla.redhat.com/show_bug.cgi?id=1652600 https://www.cve.org/CVERecord?id=CVE-2018-19211 https://nvd.nist.gov/vuln/detail/CVE-2018-19211 https://security.access.redhat.com/data/csaf/v2/vex/2018/cve-2018-19211.json", "severity": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "ncurses", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "SHxE0qXbBmDEp/LL1ieJeA==": { "id": "SHxE0qXbBmDEp/LL1ieJeA==", "updater": "rhel-vex", "name": "CVE-2020-19189", "description": "A flaw has been identified in the ncurses library. This issue occurs when processing a crafted terminfo database, causing a heap-based buffer overflow, resulting in an application crash.", "issued": "2019-05-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2020-19189 https://bugzilla.redhat.com/show_bug.cgi?id=2234926 https://www.cve.org/CVERecord?id=CVE-2020-19189 https://nvd.nist.gov/vuln/detail/CVE-2020-19189 https://security.access.redhat.com/data/csaf/v2/vex/2020/cve-2020-19189.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "ncurses", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "TLOrmSYL76Du+GI4WD9gMQ==": { "id": "TLOrmSYL76Du+GI4WD9gMQ==", "updater": "rhel-vex", "name": "CVE-2024-34459", "description": "A flaw was found in the xmllint program distributed by the libxml2 package. A buffer over-read in the xmlHTMLPrintFileContext function in the xmllint.c file may be triggered when a crafted file is processed with the xmllint program using the `--htmlout` command line option, causing an application crash and resulting in a denial of service.", "issued": "2024-05-08T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-34459 https://bugzilla.redhat.com/show_bug.cgi?id=2280532 https://www.cve.org/CVERecord?id=CVE-2024-34459 https://nvd.nist.gov/vuln/detail/CVE-2024-34459 https://gitlab.gnome.org/GNOME/libxml2/-/issues/720 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-34459.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "libxml2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "Te9j1HGn7feNCE/Fduu0+A==": { "id": "Te9j1HGn7feNCE/Fduu0+A==", "updater": "rhel-vex", "name": "CVE-2025-64505", "description": "A heap buffer over-read vulnerability exists in libpng's png_do_quantize function when processing PNG files with malformed palette indices. The vulnerability occurs when palette_lookup array bounds are not validated against externally-supplied image data, allowing an attacker to craft a PNG file with out-of-range palette indices that trigger out-of-bounds memory access.", "issued": "2025-11-24T23:38:40Z", "links": "https://access.redhat.com/security/cve/CVE-2025-64505 https://bugzilla.redhat.com/show_bug.cgi?id=2416905 https://www.cve.org/CVERecord?id=CVE-2025-64505 https://nvd.nist.gov/vuln/detail/CVE-2025-64505 https://github.com/pnggroup/libpng/commit/6a528eb5fd0dd7f6de1c39d30de0e41473431c37 https://github.com/pnggroup/libpng/pull/748 https://github.com/pnggroup/libpng/security/advisories/GHSA-4952-h5wq-4m42 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-64505.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "java-17-openjdk", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "TuBnhFrkwMqIcYtYYgNGNQ==": { "id": "TuBnhFrkwMqIcYtYYgNGNQ==", "updater": "rhel-vex", "name": "CVE-2026-3784", "description": "A flaw was found in curl. This vulnerability allows curl to wrongly reuse an existing HTTP proxy connection when performing a CONNECT request to a server, even if the new request uses different authentication credentials for the HTTP proxy. This improper connection reuse could lead to an attacker gaining unauthorized access to resources or information intended for a different user.", "issued": "2026-03-11T10:09:21Z", "links": "https://access.redhat.com/security/cve/CVE-2026-3784 https://bugzilla.redhat.com/show_bug.cgi?id=2446449 https://www.cve.org/CVERecord?id=CVE-2026-3784 https://nvd.nist.gov/vuln/detail/CVE-2026-3784 http://www.openwall.com/lists/oss-security/2026/03/11/3 https://curl.se/docs/CVE-2026-3784.html https://curl.se/docs/CVE-2026-3784.json https://hackerone.com/reports/3584903 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-3784.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "curl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "UMD4nV1Ky5C5eKUMgtnKzw==": { "id": "UMD4nV1Ky5C5eKUMgtnKzw==", "updater": "rhel-vex", "name": "CVE-2021-20193", "description": "A flaw was found in the src/list.c of tar. This flaw allows an attacker who can submit a crafted input file to tar to cause uncontrolled consumption of memory. The highest threat from this vulnerability is to system availability.", "issued": "2021-01-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-20193 https://bugzilla.redhat.com/show_bug.cgi?id=1917565 https://www.cve.org/CVERecord?id=CVE-2021-20193 https://nvd.nist.gov/vuln/detail/CVE-2021-20193 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-20193.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "tar", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "UPzTyNn8ZLXlb+bwRFPPTA==": { "id": "UPzTyNn8ZLXlb+bwRFPPTA==", "updater": "rhel-vex", "name": "CVE-2023-2650", "description": "A flaw was found in OpenSSL resulting in a possible denial of service while translating ASN.1 object identifiers. Applications that use OBJ_obj2txt() directly, or use any of the OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with no message size limit may experience long delays when processing messages, which may lead to a denial of service.", "issued": "2023-05-30T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-2650 https://bugzilla.redhat.com/show_bug.cgi?id=2207947 https://www.cve.org/CVERecord?id=CVE-2023-2650 https://nvd.nist.gov/vuln/detail/CVE-2023-2650 https://www.openssl.org/news/secadv/20230530.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-2650.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "UUIKm7f4jyfDWGKvptUQ8Q==": { "id": "UUIKm7f4jyfDWGKvptUQ8Q==", "updater": "rhel-vex", "name": "CVE-2025-8277", "description": "A flaw was found in libssh's handling of key exchange (KEX) processes when a client repeatedly sends incorrect KEX guesses. The library fails to free memory during these rekey operations, which can gradually exhaust system memory. This issue can lead to crashes on the client side, particularly when using libgcrypt, which impacts application stability and availability.", "issued": "2025-09-09T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-8277 https://bugzilla.redhat.com/show_bug.cgi?id=2383888 https://www.cve.org/CVERecord?id=CVE-2025-8277 https://nvd.nist.gov/vuln/detail/CVE-2025-8277 https://www.libssh.org/security/advisories/CVE-2025-8277.txt https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-8277.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libssh", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "UbmdE2pHXRFccv8l1e02Jw==": { "id": "UbmdE2pHXRFccv8l1e02Jw==", "updater": "rhel-vex", "name": "CVE-2023-4156", "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", "issued": "2023-06-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4156 https://bugzilla.redhat.com/show_bug.cgi?id=2215930 https://www.cve.org/CVERecord?id=CVE-2023-4156 https://nvd.nist.gov/vuln/detail/CVE-2023-4156 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4156.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "gawk", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "UoEFDYM+Gqf2mdRJh5HUFw==": { "id": "UoEFDYM+Gqf2mdRJh5HUFw==", "updater": "rhel-vex", "name": "CVE-2025-45582", "description": "A relative path traversal flaw was found in the gnu tar utility. When archives with relative paths are extracted without the ‘--keep-old-files’ (‘-k’), the extraction process may overwrite existing files that the current user has access to. The server may be impacted if these files are critical to the operation of some service.", "issued": "2025-07-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-45582 https://bugzilla.redhat.com/show_bug.cgi?id=2379592 https://www.cve.org/CVERecord?id=CVE-2025-45582 https://nvd.nist.gov/vuln/detail/CVE-2025-45582 https://github.com/i900008/vulndb/blob/main/Gnu_tar_vuln.md https://www.gnu.org/software/tar/ https://www.gnu.org/software/tar/manual/html_node/Integrity.html#Integrity https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-45582.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "tar", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "UyCjBcpeB0nhkRTVhUcAJQ==": { "id": "UyCjBcpeB0nhkRTVhUcAJQ==", "updater": "rhel-vex", "name": "CVE-2026-39316", "description": "A flaw was found in CUPS, an open-source printing system. This vulnerability, known as a use-after-free, occurs in the CUPS scheduler when temporary printers are automatically removed. The system fails to properly manage memory, leaving a pointer to a freed memory location. An attacker could exploit this to cause the CUPS daemon to crash, leading to a denial of service. In more severe scenarios, this could potentially allow an attacker to execute arbitrary code.", "issued": "2026-04-07T17:00:26Z", "links": "https://access.redhat.com/security/cve/CVE-2026-39316 https://bugzilla.redhat.com/show_bug.cgi?id=2456120 https://www.cve.org/CVERecord?id=CVE-2026-39316 https://nvd.nist.gov/vuln/detail/CVE-2026-39316 https://github.com/OpenPrinting/cups/security/advisories/GHSA-pjv5-prqp-46rg https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-39316.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "cups", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "VLzwKVDYC7fQrtcpCzjXjA==": { "id": "VLzwKVDYC7fQrtcpCzjXjA==", "updater": "rhel-vex", "name": "CVE-2025-69418", "description": "A flaw was found in OpenSSL. When applications directly call the low-level CRYPTO_ocb128_encrypt() or CRYPTO_ocb128_decrypt() functions with non-block-aligned lengths in a single call on hardware-accelerated builds, the trailing 1-15 bytes of a message may be exposed in cleartext. These exposed bytes are not covered by the authentication tag, allowing an attacker to read or tamper with them without detection.", "issued": "2026-01-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-69418 https://bugzilla.redhat.com/show_bug.cgi?id=2430381 https://www.cve.org/CVERecord?id=CVE-2025-69418 https://nvd.nist.gov/vuln/detail/CVE-2025-69418 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-69418.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "VP8+3bQwNwMNm6AhYTNJBQ==": { "id": "VP8+3bQwNwMNm6AhYTNJBQ==", "updater": "rhel-vex", "name": "CVE-2026-22020", "description": "No description is available for this CVE.", "issued": "2026-04-21T20:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-22020 https://bugzilla.redhat.com/show_bug.cgi?id=2460045 https://www.cve.org/CVERecord?id=CVE-2026-22020 https://nvd.nist.gov/vuln/detail/CVE-2026-22020 https://www.oracle.com/security-alerts/cpuapr2026.html#AppendixJAVA https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-22020.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "java-17-openjdk", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "VPoF+qCqaQ4y2sVl2255/g==": { "id": "VPoF+qCqaQ4y2sVl2255/g==", "updater": "rhel-vex", "name": "CVE-2026-33416", "description": "A flaw was found in libpng, a library used for processing PNG (Portable Network Graphics) image files. This vulnerability arises from improper memory management where a heap-allocated buffer is aliased between internal data structures. When specific functions are called, a freed memory region can still be referenced, leading to a use-after-free condition. An attacker could potentially exploit this to achieve arbitrary code execution or cause a denial of service.", "issued": "2026-03-26T16:48:54Z", "links": "https://access.redhat.com/security/cve/CVE-2026-33416 https://bugzilla.redhat.com/show_bug.cgi?id=2451805 https://www.cve.org/CVERecord?id=CVE-2026-33416 https://nvd.nist.gov/vuln/detail/CVE-2026-33416 https://github.com/pnggroup/libpng/commit/23019269764e35ed8458e517f1897bd3c54820eb https://github.com/pnggroup/libpng/commit/7ea9eea884a2328cc7fdcb3c0c00246a50d90667 https://github.com/pnggroup/libpng/commit/a3a21443ed12bfa1ef46fa0d4fb2b74a0fa34a25 https://github.com/pnggroup/libpng/commit/c1b0318b393c90679e6fa5bc1d329fd5d5012ec1 https://github.com/pnggroup/libpng/pull/824 https://github.com/pnggroup/libpng/security/advisories/GHSA-m4pc-p4q3-4c7j https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-33416.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "java-17-openjdk", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "VsocCwaFpF6PzdX5PxR+sQ==": { "id": "VsocCwaFpF6PzdX5PxR+sQ==", "updater": "rhel-vex", "name": "CVE-2020-19185", "description": "A flaw has been identified in the ncurses library. This issue occurs when processing a crafted terminfo database, causing a heap-based buffer overflow, resulting in an application crash, causing denial of service.", "issued": "2019-05-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2020-19185 https://bugzilla.redhat.com/show_bug.cgi?id=2234924 https://www.cve.org/CVERecord?id=CVE-2020-19185 https://nvd.nist.gov/vuln/detail/CVE-2020-19185 https://security.access.redhat.com/data/csaf/v2/vex/2020/cve-2020-19185.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "ncurses", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "W/DMqBRMDYVkVH3D67luGg==": { "id": "W/DMqBRMDYVkVH3D67luGg==", "updater": "rhel-vex", "name": "CVE-2025-64118", "description": "A flaw was found in node-tar, a Tar utility for Node.js. This vulnerability allows a local attacker to potentially disclose sensitive information. When the .t (or .list) function is used with { sync: true } to read tar entry contents, and the tar file is concurrently modified on disk to a smaller size, the function may return uninitialized memory contents. This could lead to the exposure of arbitrary data.", "issued": "2025-10-30T17:50:20Z", "links": "https://access.redhat.com/security/cve/CVE-2025-64118 https://bugzilla.redhat.com/show_bug.cgi?id=2407440 https://www.cve.org/CVERecord?id=CVE-2025-64118 https://nvd.nist.gov/vuln/detail/CVE-2025-64118 https://github.com/isaacs/node-tar/commit/5330eb04bc43014f216e5c271b40d5c00d45224d https://github.com/isaacs/node-tar/issues/445 https://github.com/isaacs/node-tar/pull/446 https://github.com/isaacs/node-tar/security/advisories/GHSA-29xp-372q-xqph https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-64118.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "tar", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "W/d4trZ7jb2yxjrq4cNOWA==": { "id": "W/d4trZ7jb2yxjrq4cNOWA==", "updater": "rhel-vex", "name": "CVE-2022-3219", "description": "A vulnerability was found in GnuPG. GnuPG can spin on a relatively small input by crafting a public key with thousands of signatures attached and compressed down to a few kilobytes. This issue can potentially cause a denial of service.", "issued": "2022-09-15T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-3219 https://bugzilla.redhat.com/show_bug.cgi?id=2127010 https://www.cve.org/CVERecord?id=CVE-2022-3219 https://nvd.nist.gov/vuln/detail/CVE-2022-3219 https://dev.gnupg.org/D556 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-3219.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "gnupg2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "WGvgNwrW2u5APZcidQ6v1Q==": { "id": "WGvgNwrW2u5APZcidQ6v1Q==", "updater": "rhel-vex", "name": "CVE-2026-27456", "description": "A flaw was found in util-linux. When an /etc/fstab entry is configured with the user,loop options, the `mount` program checks the file path with user permissions but later opens it with root privileges. This creates a brief Time-of-Check-Time-of-Use (TOCTOU) window where an attacker can substitute the intended file with a malicious symbolic link. This allows a local unprivileged user to mount any root-owned file or block device that contains a valid filesystem, gaining full read access to its contents.", "issued": "2026-04-03T21:23:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-27456 https://bugzilla.redhat.com/show_bug.cgi?id=2454956 https://www.cve.org/CVERecord?id=CVE-2026-27456 https://nvd.nist.gov/vuln/detail/CVE-2026-27456 https://github.com/util-linux/util-linux/commit/5e390467b26a3cf3fecc04e1a0d482dff3162fc4 https://github.com/util-linux/util-linux/releases/tag/v2.41.4 https://github.com/util-linux/util-linux/security/advisories/GHSA-qq4x-vfq4-9h9g https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-27456.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "util-linux", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "WcChSpNAL6V9Xfxc9AqW7g==": { "id": "WcChSpNAL6V9Xfxc9AqW7g==", "updater": "rhel-vex", "name": "CVE-2025-15469", "description": "A flaw was found in openssl. When a user signs or verifies files larger than 16MB using the `openssl dgst` command with one-shot algorithms, the tool silently truncates the input to 16MB. This creates an integrity gap, allowing trailing data beyond the initial 16MB to be modified without detection because it remains unauthenticated. This vulnerability primarily impacts workflows that both sign and verify files using the affected `openssl dgst` command.", "issued": "2026-01-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-15469 https://bugzilla.redhat.com/show_bug.cgi?id=2430378 https://www.cve.org/CVERecord?id=CVE-2025-15469 https://nvd.nist.gov/vuln/detail/CVE-2025-15469 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-15469.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "Wp4+QBQm4nhI8rQxVklEXw==": { "id": "Wp4+QBQm4nhI8rQxVklEXw==", "updater": "rhel-vex", "name": "CVE-2025-4878", "description": "A vulnerability was found in libssh, where an uninitialized variable exists under certain conditions in the privatekey_from_file() function. This flaw can be triggered if the file specified by the filename doesn't exist and may lead to possible signing failures or heap corruption.", "issued": "2025-06-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-4878 https://bugzilla.redhat.com/show_bug.cgi?id=2376184 https://www.cve.org/CVERecord?id=CVE-2025-4878 https://nvd.nist.gov/vuln/detail/CVE-2025-4878 https://git.libssh.org/projects/libssh.git/commit/?id=697650caa97eaf7623924c75f9fcfec6dd423cd1 https://git.libssh.org/projects/libssh.git/commit/?id=b35ee876adc92a208d47194772e99f9c71e0bedb https://www.libssh.org/security/advisories/CVE-2025-4878.txt https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-4878.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "libssh", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "XBiy/XVR6SoThCkYUmkD1g==": { "id": "XBiy/XVR6SoThCkYUmkD1g==", "updater": "rhel-vex", "name": "CVE-2026-33056", "description": "A flaw was found in tar-rs, a Rust library for reading and writing tar archives. When unpacking a crafted tar archive, an attacker can exploit a symbolic link vulnerability. By including a symlink followed by a directory with the same name, the library incorrectly applies file permissions to the symlink's target. This allows an attacker to modify the permissions of arbitrary directories outside the intended extraction location.", "issued": "2026-03-20T07:11:10Z", "links": "https://access.redhat.com/security/cve/CVE-2026-33056 https://bugzilla.redhat.com/show_bug.cgi?id=2449490 https://www.cve.org/CVERecord?id=CVE-2026-33056 https://nvd.nist.gov/vuln/detail/CVE-2026-33056 https://github.com/alexcrichton/tar-rs/commit/17b1fd84e632071cb8eef9d3709bf347bd266446 https://github.com/alexcrichton/tar-rs/security/advisories/GHSA-j4xf-2g29-59ph https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-33056.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "tar", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "XXiaw1EwhFkuilI94EKiqQ==": { "id": "XXiaw1EwhFkuilI94EKiqQ==", "updater": "rhel-vex", "name": "CVE-2026-5713", "description": "A flaw was found in Python. A malicious Python process could exploit the \"profiling.sampling\" module and \"asyncio introspection capabilities\" to read and write memory addresses within a privileged process. This vulnerability occurs when the privileged process connects to the malicious process via its remote debugging feature, potentially leading to information disclosure and arbitrary code execution. Successful exploitation requires repeated connections, which may cause instability in the connecting process.", "issued": "2026-04-14T15:11:51Z", "links": "https://access.redhat.com/security/cve/CVE-2026-5713 https://bugzilla.redhat.com/show_bug.cgi?id=2458239 https://www.cve.org/CVERecord?id=CVE-2026-5713 https://nvd.nist.gov/vuln/detail/CVE-2026-5713 https://github.com/python/cpython/issues/148178 https://github.com/python/cpython/pull/148187 https://mail.python.org/archives/list/security-announce@python.org/thread/OG4RHARYSNIE22GGOMVMCRH76L5HKPLM/ https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-5713.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python3", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "XbpXfbeApuDuIKvY0/qWiA==": { "id": "XbpXfbeApuDuIKvY0/qWiA==", "updater": "rhel-vex", "name": "CVE-2026-3731", "description": "A flaw was found in libssh. A remote attacker could trigger an out-of-bounds read vulnerability in the SFTP Extension Name Handler by manipulating the `idx` argument in the `sftp_extensions_get_name` or `sftp_extensions_get_data` functions. This could lead to a Denial of Service (DoS), making the affected system unresponsive.", "issued": "2026-03-08T10:32:19Z", "links": "https://access.redhat.com/security/cve/CVE-2026-3731 https://bugzilla.redhat.com/show_bug.cgi?id=2445579 https://www.cve.org/CVERecord?id=CVE-2026-3731 https://nvd.nist.gov/vuln/detail/CVE-2026-3731 https://gitlab.com/libssh/libssh-mirror/-/commit/855a0853ad3abd4a6cd85ce06fce6d8d4c7a0b60 https://vuldb.com/?ctiid.349709 https://vuldb.com/?id.349709 https://vuldb.com/?submit.767120 https://www.libssh.org/files/0.12/libssh-0.12.0.tar.xz https://www.libssh.org/security/advisories/libssh-2026-sftp-extensions.txt https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-3731.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "libssh", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "XygysGe2kdlyCRQHM1fu3w==": { "id": "XygysGe2kdlyCRQHM1fu3w==", "updater": "rhel-vex", "name": "CVE-2025-5917", "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", "issued": "2025-05-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-5917 https://bugzilla.redhat.com/show_bug.cgi?id=2370874 https://www.cve.org/CVERecord?id=CVE-2025-5917 https://nvd.nist.gov/vuln/detail/CVE-2025-5917 https://github.com/libarchive/libarchive/pull/2588 https://github.com/libarchive/libarchive/releases/tag/v3.8.0 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-5917.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libarchive", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "YiJlkUTKf0/7+ORZMmQ2cw==": { "id": "YiJlkUTKf0/7+ORZMmQ2cw==", "updater": "rhel-vex", "name": "CVE-2025-25724", "description": "A flaw was found in the libarchive package. Affected versions of libarchive do not check a strftime return value, which can lead to a denial of service or unspecified other impacts via a crafted TAR archive that is read with a verbose value of 2. For example, the 100-byte buffer may not be sufficient for a custom locale.", "issued": "2025-03-02T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-25724 https://bugzilla.redhat.com/show_bug.cgi?id=2349221 https://www.cve.org/CVERecord?id=CVE-2025-25724 https://nvd.nist.gov/vuln/detail/CVE-2025-25724 https://gist.github.com/Ekkosun/a83870ce7f3b7813b9b462a395e8ad92 https://github.com/Ekkosun/pocs/blob/main/bsdtarbug https://github.com/libarchive/libarchive/blob/b439d586f53911c84be5e380445a8a259e19114c/tar/util.c#L751-L752 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-25724.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "libarchive", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "YoCxZvEp16Bt9LDv+Ficeg==": { "id": "YoCxZvEp16Bt9LDv+Ficeg==", "updater": "rhel-vex", "name": "CVE-2025-64506", "description": "A buffer over read flaw has been discovered in libpng. A heap buffer over-read vulnerability exists in libpng's png_write_image_8bit function when processing 8-bit images through the simplified write API with convert_to_8bit enabled. The vulnerability affects 8-bit grayscale+alpha, RGB/RGBA, and images with incomplete row data. A conditional guard incorrectly allows 8-bit input to enter code expecting 16-bit input, causing reads up to 2 bytes beyond allocated buffer boundaries.", "issued": "2025-11-24T23:41:09Z", "links": "https://access.redhat.com/security/cve/CVE-2025-64506 https://bugzilla.redhat.com/show_bug.cgi?id=2416906 https://www.cve.org/CVERecord?id=CVE-2025-64506 https://nvd.nist.gov/vuln/detail/CVE-2025-64506 https://github.com/pnggroup/libpng/commit/2bd84c019c300b78e811743fbcddb67c9d9bf821 https://github.com/pnggroup/libpng/pull/749 https://github.com/pnggroup/libpng/security/advisories/GHSA-qpr4-xm66-hww6 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-64506.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "java-17-openjdk", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "ZTGiJlkqcqrCLJSY/Sq8lA==": { "id": "ZTGiJlkqcqrCLJSY/Sq8lA==", "updater": "rhel-vex", "name": "CVE-2020-19186", "description": "A flaw has been identified in the ncurses library. This issue occurs when processing a crafted terminfo database, causing a buffer over-read, resulting in an application crash.", "issued": "2019-05-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2020-19186 https://bugzilla.redhat.com/show_bug.cgi?id=2234908 https://www.cve.org/CVERecord?id=CVE-2020-19186 https://nvd.nist.gov/vuln/detail/CVE-2020-19186 https://security.access.redhat.com/data/csaf/v2/vex/2020/cve-2020-19186.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "ncurses", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "ZdcpNqfrXAb14fwUEQLWGQ==": { "id": "ZdcpNqfrXAb14fwUEQLWGQ==", "updater": "rhel-vex", "name": "CVE-2026-41254", "description": "A flaw was found in Little CMS. An integer overflow in the `CubeSize` function within `cmslut.c` occurs because the overflow check is performed after the multiplication. An attacker could exploit this vulnerability by providing a specially crafted input, potentially leading to information disclosure or a denial of service (DoS), which makes the system unavailable to legitimate users.", "issued": "2026-04-18T06:43:13Z", "links": "https://access.redhat.com/security/cve/CVE-2026-41254 https://bugzilla.redhat.com/show_bug.cgi?id=2459420 https://www.cve.org/CVERecord?id=CVE-2026-41254 https://nvd.nist.gov/vuln/detail/CVE-2026-41254 https://abhinavagarwal07.github.io/posts/lcms2-cubesize-overflow/ https://github.com/mm2/Little-CMS/commit/da6110b1d14abc394633a388209abd5ebedd7ab0 https://github.com/mm2/Little-CMS/commit/e0641b1828d0a1af5ecb1b11fe22f24fceefd4bc https://github.com/mm2/Little-CMS/security/advisories/GHSA-4xp6-rcgg-m9qq https://www.openwall.com/lists/oss-security/2026/04/17/16 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-41254.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "java-17-openjdk", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "ZkEez7f24VNVhTaTCDhuEg==": { "id": "ZkEez7f24VNVhTaTCDhuEg==", "updater": "rhel-vex", "name": "CVE-2025-15468", "description": "A flaw was found in openssl. A remote attacker could trigger a NULL pointer dereference by sending an unknown or unsupported cipher ID during the client hello callback in applications using the QUIC (Quick UDP Internet Connections) protocol. This vulnerability, occurring when the SSL_CIPHER_find() function is called in this specific context, leads to an abnormal termination of the running process, causing a Denial of Service (DoS).", "issued": "2026-01-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-15468 https://bugzilla.redhat.com/show_bug.cgi?id=2430377 https://www.cve.org/CVERecord?id=CVE-2025-15468 https://nvd.nist.gov/vuln/detail/CVE-2025-15468 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-15468.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "ZlxfTVb/4bi6yWQ+JLaOnw==": { "id": "ZlxfTVb/4bi6yWQ+JLaOnw==", "updater": "rhel-vex", "name": "CVE-2026-2297", "description": "A flaw was found in CPython. This vulnerability allows a local user with low privileges to bypass security auditing mechanisms. The issue occurs because the SourcelessFileLoader component, responsible for handling older Python compiled files (.pyc), does not properly trigger system audit events. This oversight could enable malicious activities to go undetected, compromising the integrity of the system.", "issued": "2026-03-04T22:10:43Z", "links": "https://access.redhat.com/security/cve/CVE-2026-2297 https://bugzilla.redhat.com/show_bug.cgi?id=2444691 https://www.cve.org/CVERecord?id=CVE-2026-2297 https://nvd.nist.gov/vuln/detail/CVE-2026-2297 https://github.com/python/cpython/commit/482d6f8bdba9da3725d272e8bb4a2d25fb6a603e https://github.com/python/cpython/commit/a51b1b512de1d56b3714b65628a2eae2b07e535e https://github.com/python/cpython/commit/e58e9802b9bec5cdbf48fc9bf1da5f4fda482e86 https://github.com/python/cpython/issues/145506 https://github.com/python/cpython/pull/145507 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-2297.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "python3", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "Znm2hdK/FULQhTTGTVX59Q==": { "id": "Znm2hdK/FULQhTTGTVX59Q==", "updater": "rhel-vex", "name": "CVE-2026-3783", "description": "A flaw was found in curl. When an OAuth2 bearer token is used for an HTTP(S) transfer that redirects to a second URL, curl could unintentionally leak the token. This occurs if the second hostname has entries in the `.netrc` file, allowing the bearer token intended for the first host to be sent to the redirected host. This information disclosure could allow an attacker to gain unauthorized access.", "issued": "2026-03-11T10:09:08Z", "links": "https://access.redhat.com/security/cve/CVE-2026-3783 https://bugzilla.redhat.com/show_bug.cgi?id=2446450 https://www.cve.org/CVERecord?id=CVE-2026-3783 https://nvd.nist.gov/vuln/detail/CVE-2026-3783 http://www.openwall.com/lists/oss-security/2026/03/11/2 https://curl.se/docs/CVE-2026-3783.html https://curl.se/docs/CVE-2026-3783.json https://hackerone.com/reports/3583983 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-3783.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "curl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "Zp5q2R9PHTn/pmrn158k9A==": { "id": "Zp5q2R9PHTn/pmrn158k9A==", "updater": "rhel-vex", "name": "CVE-2026-41989", "description": "A flaw was found in Libgcrypt. A remote attacker could exploit this vulnerability by sending crafted Elliptic Curve Diffie-Hellman (ECDH) ciphertext to the `gcry_pk_decrypt` function. This can lead to a heap-based buffer overflow, potentially causing a denial of service (DoS) condition.", "issued": "2026-04-23T04:30:26Z", "links": "https://access.redhat.com/security/cve/CVE-2026-41989 https://bugzilla.redhat.com/show_bug.cgi?id=2461063 https://www.cve.org/CVERecord?id=CVE-2026-41989 https://nvd.nist.gov/vuln/detail/CVE-2026-41989 https://dev.gnupg.org/T8211 https://lists.gnupg.org/pipermail/gnupg-announce/2026q2/000503.html https://www.openwall.com/lists/oss-security/2026/04/21/1 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-41989.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libgcrypt", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "Zp9+pixFuNBueE2yO610gQ==": { "id": "Zp9+pixFuNBueE2yO610gQ==", "updater": "rhel-vex", "name": "CVE-2024-56433", "description": "A flaw was found in shadow-utils. Affected versions of shadow-utils establish a default /etc/subuid behavior, for example, uid 100000 through 165535 for the first user account, that can conflict with the uids of users defined on locally administered networks. This issue potentially leads to account takeover by leveraging newuidmap for access to an NFS home directory or same-host resources for remote logins by these local network users.", "issued": "2024-12-26T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-56433 https://bugzilla.redhat.com/show_bug.cgi?id=2334165 https://www.cve.org/CVERecord?id=CVE-2024-56433 https://nvd.nist.gov/vuln/detail/CVE-2024-56433 https://github.com/shadow-maint/shadow/blob/e2512d5741d4a44bdd81a8c2d0029b6222728cf0/etc/login.defs#L238-L241 https://github.com/shadow-maint/shadow/issues/1157 https://github.com/shadow-maint/shadow/releases/tag/4.4 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-56433.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "shadow-utils", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "ZvX4VR3jvMBd1Wq+RxNTgg==": { "id": "ZvX4VR3jvMBd1Wq+RxNTgg==", "updater": "rhel-vex", "name": "CVE-2020-35512", "description": "A use-after-free flaw was found in D-Bus when a system has multiple usernames sharing the same UID. When a set of policy rules references these usernames, D-Bus may free some memory in the heap, which is still used by data structures necessary for the other usernames sharing the UID, possibly leading to a crash or other undefined behaviors.", "issued": "2020-06-30T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2020-35512 https://bugzilla.redhat.com/show_bug.cgi?id=1909101 https://www.cve.org/CVERecord?id=CVE-2020-35512 https://nvd.nist.gov/vuln/detail/CVE-2020-35512 https://security.access.redhat.com/data/csaf/v2/vex/2020/cve-2020-35512.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "dbus", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "a067YUjLHWzR99JNl/RtGQ==": { "id": "a067YUjLHWzR99JNl/RtGQ==", "updater": "rhel-vex", "name": "CVE-2025-4598", "description": "A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process.\n\nA SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.", "issued": "2025-05-29T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-4598 https://bugzilla.redhat.com/show_bug.cgi?id=2369242 https://www.cve.org/CVERecord?id=CVE-2025-4598 https://nvd.nist.gov/vuln/detail/CVE-2025-4598 https://www.openwall.com/lists/oss-security/2025/05/29/3 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-4598.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "systemd", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "avzu5SRbIjcduH4QdmZ1gg==": { "id": "avzu5SRbIjcduH4QdmZ1gg==", "updater": "rhel-vex", "name": "CVE-2026-0966", "description": "The API function `ssh_get_hexa()` is vulnerable, when 0-lenght\ninput is provided to this function. This function is used internally\nin `ssh_get_fingerprint_hash()` and `ssh_print_hexa()` (deprecated),\nwhich is vulnerable to the same input (length is provided by the\ncalling application).\n\nThe function is also used internally in the gssapi code for logging\nthe OIDs received by the server during GSSAPI authentication. This\ncould be triggered remotely, when the server allows GSSAPI authentication\nand logging verbosity is set at least to SSH_LOG_PACKET (3). This\ncould cause self-DoS of the per-connection daemon process.", "issued": "2026-02-10T18:47:15Z", "links": "https://access.redhat.com/security/cve/CVE-2026-0966 https://bugzilla.redhat.com/show_bug.cgi?id=2433121 https://www.cve.org/CVERecord?id=CVE-2026-0966 https://nvd.nist.gov/vuln/detail/CVE-2026-0966 https://www.libssh.org/2026/02/10/libssh-0-12-0-and-0-11-4-security-releases/ https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-0966.json", "severity": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "libssh", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "cCowLuOsLfTMmPFOoqUVww==": { "id": "cCowLuOsLfTMmPFOoqUVww==", "updater": "rhel-vex", "name": "CVE-2024-0397", "description": "A vulnerability was found in Python. A defect was discovered in the Python “ssl” module where there is a memory race condition with the ssl.SSLContext methods “cert_store_stats()” and “get_ca_certs()”. The race condition can be triggered if the methods are called at the same time that certificates are loaded into the SSLContext, such as during the TLS handshake with a configured certificate directory.", "issued": "2024-06-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-0397 https://bugzilla.redhat.com/show_bug.cgi?id=2301891 https://www.cve.org/CVERecord?id=CVE-2024-0397 https://nvd.nist.gov/vuln/detail/CVE-2024-0397 https://mail.python.org/archives/list/security-announce@python.org/thread/BMAK5BCGKYWNJOACVUSLUF6SFGBIM4VP/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-0397.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "python3", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "cW+DgNrGAeRAwNB4wrDZhw==": { "id": "cW+DgNrGAeRAwNB4wrDZhw==", "updater": "rhel-vex", "name": "CVE-2026-22695", "description": "A flaw was found in libpng, a reference library for processing PNG (Portable Network Graphics) image files. A local attacker could exploit a heap buffer over-read vulnerability in the `png_image_finish_read` function by tricking a user into processing a specially crafted interlaced 16-bit PNG file with an 8-bit output format and non-minimal row stride. This could lead to a denial of service (DoS) and potentially information disclosure.", "issued": "2026-01-12T22:55:40Z", "links": "https://access.redhat.com/security/cve/CVE-2026-22695 https://bugzilla.redhat.com/show_bug.cgi?id=2428825 https://www.cve.org/CVERecord?id=CVE-2026-22695 https://nvd.nist.gov/vuln/detail/CVE-2026-22695 https://github.com/pnggroup/libpng/commit/218612ddd6b17944e21eda56caf8b4bf7779d1ea https://github.com/pnggroup/libpng/commit/e4f7ad4ea2 https://github.com/pnggroup/libpng/issues/778 https://github.com/pnggroup/libpng/security/advisories/GHSA-mmq5-27w3-rxpp https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-22695.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "java-17-openjdk", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "cqYWiTibDLM7aibErMKang==": { "id": "cqYWiTibDLM7aibErMKang==", "updater": "rhel-vex", "name": "CVE-2026-4437", "description": "A flaw was found in glibc (the GNU C Library). When an application uses the `gethostbyaddr` or `gethostbyaddr_r` functions with a `nsswitch.conf` configuration that specifies glibc's DNS backend, a remote attacker can send a specially crafted DNS (Domain Name System) response. This crafted response can cause the application to incorrectly interpret a non-answer section of the DNS response as a valid answer, leading to potential misbehavior or incorrect information processing.", "issued": "2026-03-20T19:59:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-4437 https://bugzilla.redhat.com/show_bug.cgi?id=2449777 https://www.cve.org/CVERecord?id=CVE-2026-4437 https://nvd.nist.gov/vuln/detail/CVE-2026-4437 https://sourceware.org/bugzilla/show_bug.cgi?id=34014 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-4437.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "crmilTSJ/pTSPBKY9EJmZg==": { "id": "crmilTSJ/pTSPBKY9EJmZg==", "updater": "rhel-vex", "name": "CVE-2025-14524", "description": "A flaw was found in curl. When an OAuth2 (Open Authorization) bearer token is used for an HTTP(S) transfer, and that transfer performs a cross-protocol redirect to a different scheme like IMAP, LDAP, POP3, or SMTP, curl might incorrectly pass the bearer token to the new target host. This could lead to information disclosure, where sensitive authentication tokens are exposed to unintended recipients.", "issued": "2026-01-07T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-14524 https://bugzilla.redhat.com/show_bug.cgi?id=2426407 https://www.cve.org/CVERecord?id=CVE-2025-14524 https://nvd.nist.gov/vuln/detail/CVE-2025-14524 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-14524.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "curl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "dYucp/SettSQd/Hpukj6pA==": { "id": "dYucp/SettSQd/Hpukj6pA==", "updater": "rhel-vex", "name": "CVE-2026-5545", "description": "A flaw was found in libcurl. An application using libcurl that performs an authenticated HTTP(S) request after a Negotiate-authenticated one to the same host may incorrectly reuse the previous connection. This authentication bypass vulnerability allows the second request to be sent over a connection authenticated with different credentials, potentially leading to unauthorized access or information disclosure.", "issued": "2026-04-29T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-5545 https://bugzilla.redhat.com/show_bug.cgi?id=2461204 https://www.cve.org/CVERecord?id=CVE-2026-5545 https://nvd.nist.gov/vuln/detail/CVE-2026-5545 https://curl.se/docs/CVE-2026-5545.html https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-5545.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "curl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "eCNdMtt9JN2Rrb8I23NIsA==": { "id": "eCNdMtt9JN2Rrb8I23NIsA==", "updater": "rhel-vex", "name": "CVE-2026-34990", "description": "A flaw was found in OpenPrinting CUPS. A local unprivileged user can exploit this vulnerability by coercing the `cupsd` service to authenticate to an attacker-controlled Internet Printing Protocol (IPP) service. This allows the user to create a persistent printer queue that can overwrite arbitrary files with root privileges. Successful exploitation can lead to privilege escalation and arbitrary root command execution.", "issued": "2026-04-03T21:14:09Z", "links": "https://access.redhat.com/security/cve/CVE-2026-34990 https://bugzilla.redhat.com/show_bug.cgi?id=2454947 https://www.cve.org/CVERecord?id=CVE-2026-34990 https://nvd.nist.gov/vuln/detail/CVE-2026-34990 https://github.com/OpenPrinting/cups/security/advisories/GHSA-c54j-2vqw-wpwp https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-34990.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "cups", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "eqoqeJN8gMUINJLH2PXP7g==": { "id": "eqoqeJN8gMUINJLH2PXP7g==", "updater": "rhel-vex", "name": "CVE-2018-1000654", "description": "GNU Libtasn1-4.13 libtasn1-4.13 version libtasn1-4.13, libtasn1-4.12 contains a DoS, specifically CPU usage will reach 100% when running asn1Paser against the POC due to an issue in _asn1_expand_object_id(p_tree), after a long time, the program will be killed. This attack appears to be exploitable via parsing a crafted file.", "issued": "2018-08-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2018-1000654 https://bugzilla.redhat.com/show_bug.cgi?id=1621972 https://www.cve.org/CVERecord?id=CVE-2018-1000654 https://nvd.nist.gov/vuln/detail/CVE-2018-1000654 https://security.access.redhat.com/data/csaf/v2/vex/2018/cve-2018-1000654.json", "severity": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libtasn1", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "fT6cIVRM+743nfHJKo4yuQ==": { "id": "fT6cIVRM+743nfHJKo4yuQ==", "updater": "rhel-vex", "name": "CVE-2026-6429", "description": "A flaw was found in libcurl. When configured to use a .netrc file for credentials and follow HTTP redirects, libcurl can inadvertently send the password from the initial connection to the redirected host. This sensitive information disclosure occurs when both the original and redirect URLs use clear text HTTP, are performed over the same HTTP proxy, and the same connection is reused. This vulnerability, categorized as an Exposure of Sensitive Information to an Unauthorized Actor (CWE-200), could allow an attacker to obtain user credentials.", "issued": "2026-04-29T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-6429 https://bugzilla.redhat.com/show_bug.cgi?id=2461205 https://www.cve.org/CVERecord?id=CVE-2026-6429 https://nvd.nist.gov/vuln/detail/CVE-2026-6429 https://curl.se/docs/CVE-2026-6429.html https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-6429.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "curl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "fXpWtuXNPi3tb2edhk37bw==": { "id": "fXpWtuXNPi3tb2edhk37bw==", "updater": "rhel-vex", "name": "CVE-2024-2236", "description": "A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.", "issued": "2024-03-06T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-2236 https://bugzilla.redhat.com/show_bug.cgi?id=2245218 https://www.cve.org/CVERecord?id=CVE-2024-2236 https://nvd.nist.gov/vuln/detail/CVE-2024-2236 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2236.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "libgcrypt", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "fayrPya6DVXP9weWvA6obQ==": { "id": "fayrPya6DVXP9weWvA6obQ==", "updater": "rhel-vex", "name": "CVE-2024-7264", "description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", "issued": "2024-07-31T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-7264 https://bugzilla.redhat.com/show_bug.cgi?id=2301888 https://www.cve.org/CVERecord?id=CVE-2024-7264 https://nvd.nist.gov/vuln/detail/CVE-2024-7264 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7264.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "curl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "fvGjL9hw9hDQockMTb7lrA==": { "id": "fvGjL9hw9hDQockMTb7lrA==", "updater": "rhel-vex", "name": "CVE-2021-4209", "description": "A NULL pointer dereference flaw was found in GnuTLS. As Nettle's hash update functions internally call memcpy, providing zero-length input may cause undefined behavior. This flaw leads to a denial of service after authentication in rare circumstances.", "issued": "2021-12-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-4209 https://bugzilla.redhat.com/show_bug.cgi?id=2044156 https://www.cve.org/CVERecord?id=CVE-2021-4209 https://nvd.nist.gov/vuln/detail/CVE-2021-4209 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-4209.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "gnutls", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "gaFOKxy9D9KR/Iyd+kDZoA==": { "id": "gaFOKxy9D9KR/Iyd+kDZoA==", "updater": "rhel-vex", "name": "CVE-2025-50182", "description": "A flaw was found in urllib3. The library fails to properly validate redirect URLs, allowing an attacker to manipulate redirect chains when used in environments like Pyodide utilizing the JavaScript Fetch API. This lack of validation can enable a remote attacker to control the redirect destination, leading to arbitrary URL redirection. Consequently, an attacker can redirect users to malicious websites. This \nvulnerability stems from a failure to constrain the redirect target.", "issued": "2025-06-19T01:42:44Z", "links": "https://access.redhat.com/security/cve/CVE-2025-50182 https://bugzilla.redhat.com/show_bug.cgi?id=2373800 https://www.cve.org/CVERecord?id=CVE-2025-50182 https://nvd.nist.gov/vuln/detail/CVE-2025-50182 https://github.com/urllib3/urllib3/commit/7eb4a2aafe49a279c29b6d1f0ed0f42e9736194f https://github.com/urllib3/urllib3/security/advisories/GHSA-48p4-8xcf-vxj5 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-50182.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python-pip", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "gagftKXuSuh9pi4dRu9yPQ==": { "id": "gagftKXuSuh9pi4dRu9yPQ==", "updater": "rhel-vex", "name": "CVE-2024-2511", "description": "A flaw was found in OpenSSL. A malicious client can trigger an uncontrolled memory consumption, resulting in a Denial of Service. This issue occurs due to OpenSSL's TLSv1.3 session cache going into an incorrect state, leading to it failing to flush properly as it fills. OpenSSL must be configured with the non-default SSL_OP_NO_TICKET option enabled to be vulnerable. This issue only affects TLSv1.3 servers, while TLS clients are not affected.", "issued": "2024-04-08T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-2511 https://bugzilla.redhat.com/show_bug.cgi?id=2274020 https://www.cve.org/CVERecord?id=CVE-2024-2511 https://nvd.nist.gov/vuln/detail/CVE-2024-2511 https://www.openssl.org/news/vulnerabilities.html https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2511.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "h6rS2s3xilGaG0a+pIjl8A==": { "id": "h6rS2s3xilGaG0a+pIjl8A==", "updater": "rhel-vex", "name": "CVE-2026-3644", "description": "A control character validation flaw has been discovered in the Python http.cookie module. The Morsel.update(), |= operator, and unpickling paths were not patched to resolve CVE-2026-0672, allowing control characters to bypass input validation. Additionally, BaseCookie.js_output() lacked the output validation applied to BaseCookie.output().", "issued": "2026-03-16T17:37:31Z", "links": "https://access.redhat.com/security/cve/CVE-2026-3644 https://bugzilla.redhat.com/show_bug.cgi?id=2448168 https://www.cve.org/CVERecord?id=CVE-2026-3644 https://nvd.nist.gov/vuln/detail/CVE-2026-3644 https://github.com/python/cpython/commit/57e88c1cf95e1481b94ae57abe1010469d47a6b4 https://github.com/python/cpython/issues/145599 https://github.com/python/cpython/pull/145600 https://mail.python.org/archives/list/security-announce@python.org/thread/H6CADMBCDRFGWCMOXWUIHFJNV43GABJ7/ https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-3644.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python3", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "hfBpyVezkUAf98QWnlvzIA==": { "id": "hfBpyVezkUAf98QWnlvzIA==", "updater": "rhel-vex", "name": "CVE-2026-34743", "description": "A flaw was found in XZ Utils. When the `lzma_index_decoder()` function processes an empty index, and a subsequent `lzma_index_append()` operation is performed, insufficient memory is allocated. This can lead to a buffer overflow, potentially causing a denial of service (DoS) for affected systems.", "issued": "2026-04-02T18:36:37Z", "links": "https://access.redhat.com/security/cve/CVE-2026-34743 https://bugzilla.redhat.com/show_bug.cgi?id=2454589 https://www.cve.org/CVERecord?id=CVE-2026-34743 https://nvd.nist.gov/vuln/detail/CVE-2026-34743 https://github.com/tukaani-project/xz/commit/c8c22869e780ff57c96b46939c3d79ff99395f87 https://github.com/tukaani-project/xz/releases/tag/v5.8.3 https://github.com/tukaani-project/xz/security/advisories/GHSA-x872-m794-cxhv https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-34743.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "xz", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "hkP7fdNBNcMv5alTtw0c+Q==": { "id": "hkP7fdNBNcMv5alTtw0c+Q==", "updater": "rhel-vex", "name": "CVE-2025-13151", "description": "A flaw was found in libtasn1. A remote attacker could exploit a stack-based buffer overflow vulnerability in the `asn1_expend_octet_string` function. This occurs due to a failure in validating the size of input data. Successful exploitation can lead to a Denial of Service (DoS) condition, making the affected system or application unavailable.", "issued": "2026-01-07T21:14:05Z", "links": "https://access.redhat.com/security/cve/CVE-2025-13151 https://bugzilla.redhat.com/show_bug.cgi?id=2427698 https://www.cve.org/CVERecord?id=CVE-2025-13151 https://nvd.nist.gov/vuln/detail/CVE-2025-13151 https://gitlab.com/gnutls/libtasn1 https://gitlab.com/gnutls/libtasn1/-/merge_requests/121 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-13151.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "libtasn1", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "ho4M6//kfDyE5kZ9fbpV0g==": { "id": "ho4M6//kfDyE5kZ9fbpV0g==", "updater": "rhel-vex", "name": "CVE-2025-14819", "description": "A flaw was found in libcurl. When handling secure connections (TLS) and reusing connection settings, libcurl could incorrectly apply a cached security setting related to certificate chain validation. This could allow libcurl to accept a server's security certificate that it should have otherwise rejected, potentially compromising the integrity of the secure connection.", "issued": "2026-01-07T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-14819 https://bugzilla.redhat.com/show_bug.cgi?id=2426408 https://www.cve.org/CVERecord?id=CVE-2025-14819 https://nvd.nist.gov/vuln/detail/CVE-2025-14819 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-14819.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "curl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "iEGZHZXt8HWPSM5eJesddQ==": { "id": "iEGZHZXt8HWPSM5eJesddQ==", "updater": "rhel-vex", "name": "CVE-2025-7039", "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", "issued": "2025-07-02T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-7039 https://bugzilla.redhat.com/show_bug.cgi?id=2392423 https://www.cve.org/CVERecord?id=CVE-2025-7039 https://nvd.nist.gov/vuln/detail/CVE-2025-7039 https://gitlab.gnome.org/GNOME/glib/-/issues/3716 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-7039.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "glib2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "icj6a8bc4dYK/DJNvkU0+A==": { "id": "icj6a8bc4dYK/DJNvkU0+A==", "updater": "rhel-vex", "name": "CVE-2022-41409", "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "issued": "2023-07-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-41409 https://bugzilla.redhat.com/show_bug.cgi?id=2260814 https://www.cve.org/CVERecord?id=CVE-2022-41409 https://nvd.nist.gov/vuln/detail/CVE-2022-41409 https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35 https://github.com/PCRE2Project/pcre2/issues/141 https://github.com/advisories/GHSA-4qfx-v7wh-3q4j https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-41409.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "pcre2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "ieASPdYzGxWke8nZZhE02Q==": { "id": "ieASPdYzGxWke8nZZhE02Q==", "updater": "rhel-vex", "name": "CVE-2018-20657", "description": "A vulnerability was found in the demangle_template function in GNU libiberty, as distributed in GNU Binutils, where a memory leak could occur, a specially crafted file could cause the application to consume excessive memory, potentially leading to a crash.", "issued": "2018-12-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2018-20657 https://bugzilla.redhat.com/show_bug.cgi?id=1664708 https://www.cve.org/CVERecord?id=CVE-2018-20657 https://nvd.nist.gov/vuln/detail/CVE-2018-20657 https://security.access.redhat.com/data/csaf/v2/vex/2018/cve-2018-20657.json", "severity": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "gcc", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "j1KIfSLRyAo+5FqbDzJbtg==": { "id": "j1KIfSLRyAo+5FqbDzJbtg==", "updater": "rhel-vex", "name": "CVE-2025-5278", "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", "issued": "2025-05-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-5278 https://bugzilla.redhat.com/show_bug.cgi?id=2368764 https://www.cve.org/CVERecord?id=CVE-2025-5278 https://nvd.nist.gov/vuln/detail/CVE-2025-5278 https://cgit.git.savannah.gnu.org/cgit/coreutils.git/commit/?id=8c9602e3a145e9596dc1a63c6ed67865814b6633 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-5278.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "coreutils", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "jguV9kU5iHC5V/cF3+b/tg==": { "id": "jguV9kU5iHC5V/cF3+b/tg==", "updater": "rhel-vex", "name": "CVE-2025-3360", "description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", "issued": "2025-04-07T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-3360 https://bugzilla.redhat.com/show_bug.cgi?id=2357754 https://www.cve.org/CVERecord?id=CVE-2025-3360 https://nvd.nist.gov/vuln/detail/CVE-2025-3360 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-3360.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "glib2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "jw1ZiDut5Ot+DyVFjCrixg==": { "id": "jw1ZiDut5Ot+DyVFjCrixg==", "updater": "rhel-vex", "name": "CVE-2020-19188", "description": "A flaw was found in the ncurses library. This issue occurs when processing a crafted terminfo database, causing a stack-based buffer overflow, resulting in an application crash, leading to a denial of service.", "issued": "2019-05-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2020-19188 https://bugzilla.redhat.com/show_bug.cgi?id=2234913 https://www.cve.org/CVERecord?id=CVE-2020-19188 https://nvd.nist.gov/vuln/detail/CVE-2020-19188 https://security.access.redhat.com/data/csaf/v2/vex/2020/cve-2020-19188.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "ncurses", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "kCsMurCi7F77HxJoLqd9jA==": { "id": "kCsMurCi7F77HxJoLqd9jA==", "updater": "rhel-vex", "name": "CVE-2026-34978", "description": "A flaw was found in OpenPrinting CUPS. A remote attacker can exploit a path traversal vulnerability in the RSS notifier by manipulating the `notify-recipient-uri`. This allows writing arbitrary RSS XML data to sensitive files outside the intended directory. This can lead to a denial of service (DoS) by corrupting critical system files, such as the job cache, causing the scheduler to fail and previously queued jobs to disappear.", "issued": "2026-04-03T21:15:15Z", "links": "https://access.redhat.com/security/cve/CVE-2026-34978 https://bugzilla.redhat.com/show_bug.cgi?id=2454957 https://www.cve.org/CVERecord?id=CVE-2026-34978 https://nvd.nist.gov/vuln/detail/CVE-2026-34978 https://github.com/OpenPrinting/cups/security/advisories/GHSA-f53q-7mxp-9gcr https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-34978.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "cups", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "kYYDrncBncmKkmFnSd5t3w==": { "id": "kYYDrncBncmKkmFnSd5t3w==", "updater": "rhel-vex", "name": "CVE-2017-6519", "description": "avahi-daemon in Avahi through 0.6.32 and 0.7 inadvertently responds to IPv6 unicast queries with source addresses that are not on-link, which allows remote attackers to cause a denial of service (traffic amplification) and may cause information leakage by obtaining potentially sensitive information from the responding device via port-5353 UDP packets. NOTE: this may overlap CVE-2015-2809.", "issued": "2015-03-31T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2017-6519 https://bugzilla.redhat.com/show_bug.cgi?id=1426712 https://www.cve.org/CVERecord?id=CVE-2017-6519 https://nvd.nist.gov/vuln/detail/CVE-2017-6519 https://www.kb.cert.org/vuls/id/550620 https://security.access.redhat.com/data/csaf/v2/vex/2017/cve-2017-6519.json", "severity": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "avahi", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "klCkJxhhNVG564GOUQMh+Q==": { "id": "klCkJxhhNVG564GOUQMh+Q==", "updater": "rhel-vex", "name": "CVE-2026-5745", "description": "A flaw was found in libarchive. A NULL pointer dereference vulnerability exists in the ACL parsing logic, specifically within the archive_acl_from_text_nl() function. When processing a malformed ACL string (such as a bare \"d\" or \"default\" tag without subsequent fields), the function fails to perform adequate validation before advancing the pointer. An attacker can exploit this by providing a maliciously crafted archive, causing an application utilizing the libarchive API (such as bsdtar) to crash, resulting in a Denial of Service (DoS).", "issued": "2026-04-07T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-5745 https://bugzilla.redhat.com/show_bug.cgi?id=2455921 https://www.cve.org/CVERecord?id=CVE-2026-5745 https://nvd.nist.gov/vuln/detail/CVE-2026-5745 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-5745.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libarchive", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "m8ueKfgkaYIYTU+xtIQcwA==": { "id": "m8ueKfgkaYIYTU+xtIQcwA==", "updater": "rhel-vex", "name": "CVE-2022-3857", "description": "[REJECTED CVE] A issue has been identified with libpng in png_setup_paeth_row() function. A crafted PNG image from a n attacker can lead to a segmentation fault and Denial of service.", "issued": "2022-11-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-3857 https://bugzilla.redhat.com/show_bug.cgi?id=2142600 https://www.cve.org/CVERecord?id=CVE-2022-3857 https://nvd.nist.gov/vuln/detail/CVE-2022-3857 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-3857.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "java-17-openjdk", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "mRazAXjBcgFrTolNDZHDsA==": { "id": "mRazAXjBcgFrTolNDZHDsA==", "updater": "rhel-vex", "name": "CVE-2025-6069", "description": "A denial-of-service (DoS) vulnerability has been discovered in Python's html.parser.HTMLParser class. When processing specially malformed HTML input, the parsing runtime can become quadratic with respect to the input size. This significantly increased processing time can lead to excessive resource consumption, ultimately causing a denial-of-service condition in applications that rely on this parser.", "issued": "2025-06-17T13:39:46Z", "links": "https://access.redhat.com/security/cve/CVE-2025-6069 https://bugzilla.redhat.com/show_bug.cgi?id=2373234 https://www.cve.org/CVERecord?id=CVE-2025-6069 https://nvd.nist.gov/vuln/detail/CVE-2025-6069 https://github.com/python/cpython/commit/4455cbabf991e202185a25a631af206f60bbc949 https://github.com/python/cpython/commit/6eb6c5dbfb528bd07d77b60fd71fd05d81d45c41 https://github.com/python/cpython/commit/d851f8e258c7328814943e923a7df81bca15df4b https://github.com/python/cpython/issues/135462 https://github.com/python/cpython/pull/135464 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-6069.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "python3", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "mouoWVvs12H8FynnB5qIsQ==": { "id": "mouoWVvs12H8FynnB5qIsQ==", "updater": "rhel-vex", "name": "CVE-2019-14250", "description": "This issue resides on libiberty code, a part of binutils, distributed with different versions of RH software. The vulnerability is triggered when the shstrndx (Section Header String Table Index) is zero in the ELF file. This specific condition leads to the integer overflow and subsequent buffer overflow.", "issued": "2019-08-09T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2019-14250 https://bugzilla.redhat.com/show_bug.cgi?id=1739490 https://www.cve.org/CVERecord?id=CVE-2019-14250 https://nvd.nist.gov/vuln/detail/CVE-2019-14250 https://security.access.redhat.com/data/csaf/v2/vex/2019/cve-2019-14250.json", "severity": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "gcc", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "n+SYCf6UN4VyD5OPJagpTA==": { "id": "n+SYCf6UN4VyD5OPJagpTA==", "updater": "rhel-vex", "name": "CVE-2026-33846", "description": "A heap buffer overflow vulnerability exists in the DTLS handshake fragment reassembly logic of GnuTLS. The issue arises in merge_handshake_packet() where incoming handshake fragments are matched and merged based solely on handshake type, without validating that the message_length field remains consistent across all fragments of the same logical message. An attacker can exploit this by sending crafted DTLS fragments with conflicting message_length values, causing the implementation to allocate a buffer based on a smaller initial fragment and subsequently write beyond its bounds using larger, inconsistent fragments. Because the merge operation does not enforce proper bounds checking against the allocated buffer size, this results in an out-of-bounds write on the heap. The vulnerability is remotely exploitable without authentication via the DTLS handshake path and can lead to application crashes or potential memory corruption.", "issued": "2026-05-04T08:53:59Z", "links": "https://access.redhat.com/security/cve/CVE-2026-33846 https://bugzilla.redhat.com/show_bug.cgi?id=2450625 https://www.cve.org/CVERecord?id=CVE-2026-33846 https://nvd.nist.gov/vuln/detail/CVE-2026-33846 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-33846.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "gnutls", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "n83jaRl/T6kiaoMyWtX8xw==": { "id": "n83jaRl/T6kiaoMyWtX8xw==", "updater": "rhel-vex", "name": "CVE-2021-24032", "description": "A flaw was found in zstd. While the final file mode is reflective of the input file, when compressing or uncompressing, the file can temporarily gain greater permissions than the input and potentially leading to security issues (especially if large files are being handled).", "issued": "2021-02-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-24032 https://bugzilla.redhat.com/show_bug.cgi?id=1928090 https://www.cve.org/CVERecord?id=CVE-2021-24032 https://nvd.nist.gov/vuln/detail/CVE-2021-24032 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-24032.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "zstd", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "nYtstWEUOCTbjAlmYOKURA==": { "id": "nYtstWEUOCTbjAlmYOKURA==", "updater": "rhel-vex", "name": "CVE-2025-4516", "description": "A vulnerability has been identified in CPython's bytes.decode() function when used with the \"unicode_escape\" encoding and the \"ignore\" or \"replace\" error handling modes. This flaw can result in the incorrect decoding of byte strings. While this may not directly lead to traditional security breaches like data exfiltration, the resulting unexpected program behavior could introduce instability, logic errors, or unintended side effects within applications that rely on this specific decoding functionality.", "issued": "2025-05-15T13:29:20Z", "links": "https://access.redhat.com/security/cve/CVE-2025-4516 https://bugzilla.redhat.com/show_bug.cgi?id=2366509 https://www.cve.org/CVERecord?id=CVE-2025-4516 https://nvd.nist.gov/vuln/detail/CVE-2025-4516 https://github.com/python/cpython/commit/69b4387f78f413e8c47572a85b3478c47eba8142 https://github.com/python/cpython/commit/9f69a58623bd01349a18ba0c7a9cb1dad6a51e8e https://github.com/python/cpython/issues/133767 https://github.com/python/cpython/pull/129648 https://mail.python.org/archives/list/security-announce@python.org/thread/L75IPBBTSCYEF56I2M4KIW353BB3AY74/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-4516.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "python3", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "ngbKDtxhn33NKWC2lhOQNQ==": { "id": "ngbKDtxhn33NKWC2lhOQNQ==", "updater": "rhel-vex", "name": "CVE-2026-1485", "description": "A flaw was found in Glib's content type parsing logic. This buffer underflow vulnerability occurs because the length of a header line is stored in a signed integer, which can lead to integer wraparound for very large inputs. This results in pointer underflow and out-of-bounds memory access. Exploitation requires a local user to install or process a specially crafted treemagic file, which can lead to local denial of service or application instability.", "issued": "2026-01-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-1485 https://bugzilla.redhat.com/show_bug.cgi?id=2433325 https://www.cve.org/CVERecord?id=CVE-2026-1485 https://nvd.nist.gov/vuln/detail/CVE-2026-1485 https://gitlab.gnome.org/GNOME/glib/-/issues/3871 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-1485.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "glib2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "nhJPQpDYg9We/U8oBJw4JQ==": { "id": "nhJPQpDYg9We/U8oBJw4JQ==", "updater": "rhel-vex", "name": "CVE-2026-6019", "description": "A flaw was found in Python's `http.cookies` module. The `Morsel.js_output()` function, responsible for generating JavaScript output for cookies, does not properly neutralize the `\u003c/script\u003e` HTML sequence. This oversight could allow a remote attacker to inject malicious script into a web page, potentially leading to Cross-Site Scripting (XSS) attacks. Such an attack could result in information disclosure or arbitrary code execution within the user's browser.", "issued": "2026-04-22T19:28:08Z", "links": "https://access.redhat.com/security/cve/CVE-2026-6019 https://bugzilla.redhat.com/show_bug.cgi?id=2460869 https://www.cve.org/CVERecord?id=CVE-2026-6019 https://nvd.nist.gov/vuln/detail/CVE-2026-6019 https://github.com/python/cpython/commit/76b3923d688c0efc580658476c5f525ec8735104 https://github.com/python/cpython/issues/90309 https://github.com/python/cpython/pull/148848 https://mail.python.org/archives/list/security-announce@python.org/thread/IVNWGV2BBNC3RHQAFS22UP4DY56SAXX3/ https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-6019.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python3", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "npBrFSWnZYxq9cizdfDfCQ==": { "id": "npBrFSWnZYxq9cizdfDfCQ==", "updater": "rhel-vex", "name": "CVE-2026-1489", "description": "A flaw was found in GLib. An integer overflow vulnerability in its Unicode case conversion implementation can lead to memory corruption. By processing specially crafted and extremely large Unicode strings, an attacker could trigger an undersized memory allocation, resulting in out-of-bounds writes. This could cause applications utilizing GLib for string conversion to crash or become unstable.", "issued": "2026-01-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-1489 https://bugzilla.redhat.com/show_bug.cgi?id=2433348 https://www.cve.org/CVERecord?id=CVE-2026-1489 https://nvd.nist.gov/vuln/detail/CVE-2026-1489 https://gitlab.gnome.org/GNOME/glib/-/issues/3872 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-1489.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "glib2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "npQpPXYG8xMJ1LRSVSnKGA==": { "id": "npQpPXYG8xMJ1LRSVSnKGA==", "updater": "rhel-vex", "name": "CVE-2025-8114", "description": "A flaw was found in libssh, a library that implements the SSH protocol. When calculating the session ID during the key exchange (KEX) process, an allocation failure in cryptographic functions may lead to a NULL pointer dereference. This issue can cause the client or server to crash.", "issued": "2025-07-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-8114 https://bugzilla.redhat.com/show_bug.cgi?id=2383220 https://www.cve.org/CVERecord?id=CVE-2025-8114 https://nvd.nist.gov/vuln/detail/CVE-2025-8114 https://git.libssh.org/projects/libssh.git/commit/?id=53ac23ded4cb2c5463f6c4cd1525331bd578812d https://git.libssh.org/projects/libssh.git/commit/?id=65f363c9 https://www.libssh.org/security/advisories/CVE-2025-8114.txt https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-8114.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libssh", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "p2qAiuM4AsdQ5J4fBWvbBA==": { "id": "p2qAiuM4AsdQ5J4fBWvbBA==", "updater": "rhel-vex", "name": "CVE-2025-14512", "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", "issued": "2025-12-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-14512 https://bugzilla.redhat.com/show_bug.cgi?id=2421339 https://www.cve.org/CVERecord?id=CVE-2025-14512 https://nvd.nist.gov/vuln/detail/CVE-2025-14512 https://gitlab.gnome.org/GNOME/glib/-/issues/3845 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-14512.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glib2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "pjb5LKdJAfqIzj4N6YBwUQ==": { "id": "pjb5LKdJAfqIzj4N6YBwUQ==", "updater": "rhel-vex", "name": "CVE-2024-11053", "description": "A flaw was found in curl. A logic error when processing credentials from the .netrc file while performing redirects allows the transfer of credentials from the original host to the followed-to host under certain circumstances, leaking the credentials to the followed-to host.", "issued": "2024-12-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-11053 https://bugzilla.redhat.com/show_bug.cgi?id=2331191 https://www.cve.org/CVERecord?id=CVE-2024-11053 https://nvd.nist.gov/vuln/detail/CVE-2024-11053 https://www.oracle.com/security-alerts/cpujan2025.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-11053.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "curl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "qC/lM94bJkHuTCcx6Z47mQ==": { "id": "qC/lM94bJkHuTCcx6Z47mQ==", "updater": "rhel-vex", "name": "CVE-2026-32778", "description": "A flaw was found in libexpat. This vulnerability allows an attacker to trigger a NULL pointer dereference in the `setContext` function. This occurs when the system attempts to retry an operation after an out-of-memory condition, which can lead to a Denial of Service (DoS) for the affected application.", "issued": "2026-03-16T07:02:34Z", "links": "https://access.redhat.com/security/cve/CVE-2026-32778 https://bugzilla.redhat.com/show_bug.cgi?id=2447885 https://www.cve.org/CVERecord?id=CVE-2026-32778 https://nvd.nist.gov/vuln/detail/CVE-2026-32778 https://github.com/libexpat/libexpat/pull/1159 https://github.com/libexpat/libexpat/pull/1163 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-32778.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "expat", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "qS+8YNw5cEHn5bXG24Qmgg==": { "id": "qS+8YNw5cEHn5bXG24Qmgg==", "updater": "rhel-vex", "name": "CVE-2026-5928", "description": "A flaw was found in glibc (GNU C Library). When the `ungetwc` function is called on a file stream using wide characters with specific overlapping single-byte and multi-byte encodings, it may attempt to read data outside of its allocated buffer. This can lead to the unintentional disclosure of sensitive information from memory or cause the program to crash, resulting in a denial of service.", "issued": "2026-04-20T20:37:31Z", "links": "https://access.redhat.com/security/cve/CVE-2026-5928 https://bugzilla.redhat.com/show_bug.cgi?id=2459854 https://www.cve.org/CVERecord?id=CVE-2026-5928 https://nvd.nist.gov/vuln/detail/CVE-2026-5928 https://sourceware.org/bugzilla/show_bug.cgi?id=33998 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-5928.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "qXNASosSuCsudML1MqXPjw==": { "id": "qXNASosSuCsudML1MqXPjw==", "updater": "rhel-vex", "name": "CVE-2023-27534", "description": "A path traversal vulnerability exists in curl \u003c8.0.0 SFTP implementation causes the tilde (~) character to be wrongly replaced when used as a prefix in the first path element, in addition to its intended use as the first element to indicate a path relative to the user's home directory. Attackers can exploit this flaw to bypass filtering or execute arbitrary code by crafting a path like /~2/foo while accessing a server with a specific user.", "issued": "2023-03-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-27534 https://bugzilla.redhat.com/show_bug.cgi?id=2179069 https://www.cve.org/CVERecord?id=CVE-2023-27534 https://nvd.nist.gov/vuln/detail/CVE-2023-27534 https://curl.se/docs/CVE-2023-27534.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-27534.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "curl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "qv1CBAIhzNsoWe8hSWlF1g==": { "id": "qv1CBAIhzNsoWe8hSWlF1g==", "updater": "rhel-vex", "name": "CVE-2026-28390", "description": "A flaw was found in OpenSSL. A remote attacker could exploit this vulnerability by sending a specially crafted Cryptographic Message Syntax (CMS) EnvelopedData message. During the processing of a KeyTransportRecipientInfo with RSA-OAEP encryption, the system attempts to access an optional parameter field without first verifying its presence. This leads to a NULL pointer dereference, which can cause applications processing the attacker-controlled CMS data to crash, resulting in a Denial of Service (DoS).", "issued": "2026-04-07T22:00:54Z", "links": "https://access.redhat.com/security/cve/CVE-2026-28390 https://bugzilla.redhat.com/show_bug.cgi?id=2456314 https://www.cve.org/CVERecord?id=CVE-2026-28390 https://nvd.nist.gov/vuln/detail/CVE-2026-28390 https://github.com/openssl/openssl/commit/01194a8f1941115cd0383bfa91c736dd3993c8bc https://github.com/openssl/openssl/commit/2e39b7a6993be445fddb9fbce316fa756e0397b6 https://github.com/openssl/openssl/commit/af2a5fecd3e71a29e7568f9c1453dec5cebbaff4 https://github.com/openssl/openssl/commit/ea7b4ea4f9f853521ba34830cbcadc970d2e0788 https://github.com/openssl/openssl/commit/fd2f1a6cf53b9ceeca723a001aa4b825d7c7ee75 https://openssl-library.org/news/secadv/20260407.txt https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-28390.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "rCI1GSL47zJlliQotxXM4Q==": { "id": "rCI1GSL47zJlliQotxXM4Q==", "updater": "rhel-vex", "name": "CVE-2026-2673", "description": "A key group selection preference flaw has been discovered in OpenSSL. An OpenSSL TLS 1.3 server may fail to negotiate the expected preferred key exchange group when its key exchange group configuration includes the default by using the \"DEFAULT\" keyword. A less preferred key exchange may be used even when a more preferred group is supported by both client and server, if the group was not included among the client's initial predicated keyshares. This will sometimes be the case with the new hybrid post-quantum groups, if the client chooses to defer their use until specifically requested by the server. No OpenSSL FIPS modules are affected by this issue, the code in question lies outside the FIPS boundary.", "issued": "2026-03-13T13:23:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-2673 https://bugzilla.redhat.com/show_bug.cgi?id=2447327 https://www.cve.org/CVERecord?id=CVE-2026-2673 https://nvd.nist.gov/vuln/detail/CVE-2026-2673 https://github.com/openssl/openssl/commit/2157c9d81f7b0bd7dfa25b960e928ec28e8dd63f https://github.com/openssl/openssl/commit/85977e013f32ceb96aa034c0e741adddc1a05e34 https://openssl-library.org/news/secadv/20260313.txt https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-2673.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "rEd6JdG2xx5NZ9bcsFRNpw==": { "id": "rEd6JdG2xx5NZ9bcsFRNpw==", "updater": "rhel-vex", "name": "CVE-2026-28388", "description": "A flaw was found in OpenSSL. When processing a malformed delta Certificate Revocation List (CRL) that lacks a required CRL Number extension, a NULL pointer dereference can occur. This vulnerability can be exploited by a remote attacker who provides a specially crafted delta CRL to an application that has delta CRL processing enabled, leading to a Denial of Service (DoS) for the application.", "issued": "2026-04-07T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-28388 https://bugzilla.redhat.com/show_bug.cgi?id=2451097 https://www.cve.org/CVERecord?id=CVE-2026-28388 https://nvd.nist.gov/vuln/detail/CVE-2026-28388 https://openssl-library.org/news/secadv/20260407.txt https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-28388.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "rEg00U8+//igCt+0+QBUhA==": { "id": "rEg00U8+//igCt+0+QBUhA==", "updater": "rhel-vex", "name": "CVE-2023-50495", "description": "A vulnerability was found in the NCurses package, where a segmentation fault may be triggered through _nc_wrap_entry().", "issued": "2023-12-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-50495 https://bugzilla.redhat.com/show_bug.cgi?id=2254244 https://www.cve.org/CVERecord?id=CVE-2023-50495 https://nvd.nist.gov/vuln/detail/CVE-2023-50495 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-50495.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "ncurses", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "rVgBV65FWtFg3jitEqotFA==": { "id": "rVgBV65FWtFg3jitEqotFA==", "updater": "rhel-vex", "name": "CVE-2024-0727", "description": "A flaw was found in OpenSSL. The optional ContentInfo fields can be set to null, even if the \"type\" is a valid value, which can lead to a null dereference error that may cause a denial of service.", "issued": "2024-01-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-0727 https://bugzilla.redhat.com/show_bug.cgi?id=2259944 https://www.cve.org/CVERecord?id=CVE-2024-0727 https://nvd.nist.gov/vuln/detail/CVE-2024-0727 https://github.com/openssl/openssl/pull/23362 https://www.openssl.org/news/secadv/20240125.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-0727.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "raKuHZN4AggeEUt0ItIq1Q==": { "id": "raKuHZN4AggeEUt0ItIq1Q==", "updater": "rhel-vex", "name": "CVE-2026-40356", "description": "A flaw was found in MIT Kerberos 5 (krb5). An unauthenticated remote attacker can exploit an integer underflow and an out-of-bounds read vulnerability by calling `gss_accept_sec_context()` on a system with a NegoEx mechanism registered. This can lead to the process terminating, resulting in a Denial of Service (DoS).", "issued": "2026-04-28T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-40356 https://bugzilla.redhat.com/show_bug.cgi?id=2463368 https://www.cve.org/CVERecord?id=CVE-2026-40356 https://nvd.nist.gov/vuln/detail/CVE-2026-40356 https://cems.fun/2026/04/27/krb5-two-unauthenticated-network-vulnerabilities.html https://github.com/krb5/krb5/commit/2e75f0d9362fb979f5fc92829431a590a130929f https://web.mit.edu/kerberos/advisories/ https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-40356.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "krb5", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "rfyVleP0iFAaKAccoWyLNQ==": { "id": "rfyVleP0iFAaKAccoWyLNQ==", "updater": "rhel-vex", "name": "CVE-2026-3805", "description": "A flaw was found in curl. When handling a second Server Message Block (SMB) request to the same host, curl incorrectly accesses memory that has already been freed. This memory corruption vulnerability, known as a use-after-free, could allow a remote attacker to potentially execute arbitrary code or cause a denial of service.", "issued": "2026-03-11T10:09:37Z", "links": "https://access.redhat.com/security/cve/CVE-2026-3805 https://bugzilla.redhat.com/show_bug.cgi?id=2446451 https://www.cve.org/CVERecord?id=CVE-2026-3805 https://nvd.nist.gov/vuln/detail/CVE-2026-3805 http://www.openwall.com/lists/oss-security/2026/03/11/4 https://curl.se/docs/CVE-2026-3805.html https://curl.se/docs/CVE-2026-3805.json https://hackerone.com/reports/3591944 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-3805.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "curl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "ruDQdx7OmIsgMCpioWbqOQ==": { "id": "ruDQdx7OmIsgMCpioWbqOQ==", "updater": "rhel-vex", "name": "CVE-2025-5351", "description": "A flaw was found in the key export functionality of libssh. The issue occurs in the internal function responsible for converting cryptographic keys into serialized formats. During error handling, a memory structure is freed but not cleared, leading to a potential double free issue if an additional failure occurs later in the function. This condition may result in heap corruption or application instability in low-memory scenarios, posing a risk to system reliability where key export operations are performed.", "issued": "2025-06-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-5351 https://bugzilla.redhat.com/show_bug.cgi?id=2369367 https://www.cve.org/CVERecord?id=CVE-2025-5351 https://nvd.nist.gov/vuln/detail/CVE-2025-5351 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-5351.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libssh", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "s1kzjy+cDztHEcgHrl7kHQ==": { "id": "s1kzjy+cDztHEcgHrl7kHQ==", "updater": "rhel-vex", "name": "CVE-2026-22801", "description": "A flaw was found in libpng, a reference library for PNG (Portable Network Graphics) raster image files. An integer truncation vulnerability exists in the png_write_image_16bit and png_write_image_8bit simplified write API functions. A local attacker could exploit this flaw by providing a negative row stride (for bottom-up image layouts) or a stride exceeding 65535 bytes, leading to a heap buffer over-read. This can result in information disclosure or a denial of service (DoS) to the system.", "issued": "2026-01-12T22:57:58Z", "links": "https://access.redhat.com/security/cve/CVE-2026-22801 https://bugzilla.redhat.com/show_bug.cgi?id=2428824 https://www.cve.org/CVERecord?id=CVE-2026-22801 https://nvd.nist.gov/vuln/detail/CVE-2026-22801 https://github.com/pnggroup/libpng/security/advisories/GHSA-vgjq-8cw5-ggw8 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-22801.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "java-17-openjdk", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "sExC9WXn4M01POjg0haQrA==": { "id": "sExC9WXn4M01POjg0haQrA==", "updater": "rhel-vex", "name": "CVE-2026-34933", "description": "A flaw was found in Avahi. An unprivileged local user can exploit this vulnerability by sending a D-Bus method call with conflicting publish flags. This can lead to a denial of service (DoS) by crashing the avahi-daemon, making the service unavailable.", "issued": "2026-04-03T22:43:26Z", "links": "https://access.redhat.com/security/cve/CVE-2026-34933 https://bugzilla.redhat.com/show_bug.cgi?id=2454978 https://www.cve.org/CVERecord?id=CVE-2026-34933 https://nvd.nist.gov/vuln/detail/CVE-2026-34933 https://github.com/avahi/avahi/commit/625ca0fac19229f6dfa3a6c6b698ae657187e50c https://github.com/avahi/avahi/pull/891 https://github.com/avahi/avahi/security/advisories/GHSA-w65r-6gxh-vhvc https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-34933.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "avahi", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "sGwL9v57mGx7f18qBkIacA==": { "id": "sGwL9v57mGx7f18qBkIacA==", "updater": "rhel-vex", "name": "CVE-2025-6075", "description": "A vulnerability in Python’s os.path.expandvars() function that can cause performance degradation. When processing specially crafted, user-controlled input with nested environment variable patterns, the function exhibits quadratic time complexity, potentially leading to excessive CPU usage and denial of service (DoS) conditions. No code execution or data exposure occurs, so the impact is limited to performance slowdown.", "issued": "2025-10-31T16:41:34Z", "links": "https://access.redhat.com/security/cve/CVE-2025-6075 https://bugzilla.redhat.com/show_bug.cgi?id=2408891 https://www.cve.org/CVERecord?id=CVE-2025-6075 https://nvd.nist.gov/vuln/detail/CVE-2025-6075 https://github.com/python/cpython/issues/136065 https://mail.python.org/archives/list/security-announce@python.org/thread/IUP5QJ6D4KK6ULHOMPC7DPNKRYQTQNLA/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-6075.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "python3", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "sRVcQFAdq4Ll42smqacaCw==": { "id": "sRVcQFAdq4Ll42smqacaCw==", "updater": "rhel-vex", "name": "CVE-2022-27943", "description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in libiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "issued": "2022-03-26T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-27943 https://bugzilla.redhat.com/show_bug.cgi?id=2071728 https://www.cve.org/CVERecord?id=CVE-2022-27943 https://nvd.nist.gov/vuln/detail/CVE-2022-27943 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-27943.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "gcc", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "sThg2GGoKqa1RTJ5skEJTA==": { "id": "sThg2GGoKqa1RTJ5skEJTA==", "updater": "rhel-vex", "name": "CVE-2026-24883", "description": "A flaw was found in GnuPG. A remote attacker could provide a specially crafted long signature packet that, when processed, causes the application to crash. This vulnerability leads to a denial of service (DoS), making the GnuPG application unavailable to legitimate users.", "issued": "2026-01-27T18:43:18Z", "links": "https://access.redhat.com/security/cve/CVE-2026-24883 https://bugzilla.redhat.com/show_bug.cgi?id=2433463 https://www.cve.org/CVERecord?id=CVE-2026-24883 https://nvd.nist.gov/vuln/detail/CVE-2026-24883 https://dev.gnupg.org/T8049 https://www.openwall.com/lists/oss-security/2026/01/27/8 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-24883.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "gnupg2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "t3XJyztcU9aOXTMLI8NRmA==": { "id": "t3XJyztcU9aOXTMLI8NRmA==", "updater": "rhel-vex", "name": "CVE-2026-29111", "description": "A flaw was found in systemd, a system and service manager. An unprivileged user can exploit this vulnerability by making an Inter-Process Communication (IPC) API call with spurious data. In older versions (v249 and earlier), this can lead to stack overwriting with attacker-controlled content, potentially enabling arbitrary code execution or privilege escalation. In newer versions (v250 and later), the flaw causes systemd to assert and freeze, resulting in a Denial of Service (DoS).", "issued": "2026-03-23T21:03:56Z", "links": "https://access.redhat.com/security/cve/CVE-2026-29111 https://bugzilla.redhat.com/show_bug.cgi?id=2450505 https://www.cve.org/CVERecord?id=CVE-2026-29111 https://nvd.nist.gov/vuln/detail/CVE-2026-29111 https://github.com/systemd/systemd/commit/1d22f706bd04f45f8422e17fbde3f56ece17758a https://github.com/systemd/systemd/commit/20021e7686426052e3a7505425d7e12085feb2a6 https://github.com/systemd/systemd/commit/21167006574d6b83813c7596759b474f56562412 https://github.com/systemd/systemd/commit/3cee294fe8cf4fa0eff933ab21416d099942cabd https://github.com/systemd/systemd/commit/42aee39107fbdd7db1ccd402a2151822b2805e9f https://github.com/systemd/systemd/commit/54588d2dedff54bfb6036670820650e4ea74628f https://github.com/systemd/systemd/commit/7ac3220213690e8a8d6d2a6e81e43bd1dce01d69 https://github.com/systemd/systemd/commit/80acea4ef80a4bb78560ed970c34952299b890d6 https://github.com/systemd/systemd/commit/b5fd14693057e5f2c9b4a49603be64ec3608ff6c https://github.com/systemd/systemd/commit/efa6ba2ab625aaa160ac435a09e6482fc63bdbe8 https://github.com/systemd/systemd/security/advisories/GHSA-gx6q-6f99-m764 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-29111.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "systemd", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "t4oe6DBPNf5Ikk93RfTdig==": { "id": "t4oe6DBPNf5Ikk93RfTdig==", "updater": "rhel-vex", "name": "CVE-2019-12904", "description": "[Disputed] A vulnerability has been identified in Libgcrypt due to a flaw in its C implementation of AES. This vulnerability enables a remote attacker to perform a flush-and-reload side-channel attack, potentially accessing sensitive information. The vulnerability arises from the availability of physical addresses to other processes, particularly on platforms lacking an assembly-language implementation.", "issued": "2019-07-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2019-12904 https://bugzilla.redhat.com/show_bug.cgi?id=1730320 https://www.cve.org/CVERecord?id=CVE-2019-12904 https://nvd.nist.gov/vuln/detail/CVE-2019-12904 https://dev.gnupg.org/T4541 https://lists.gnupg.org/pipermail/gcrypt-devel/2019-July/004760.html https://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-12904.html https://security.access.redhat.com/data/csaf/v2/vex/2019/cve-2019-12904.json", "severity": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "libgcrypt", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "tYeLT/YUKIk7yaK07WvPeA==": { "id": "tYeLT/YUKIk7yaK07WvPeA==", "updater": "rhel-vex", "name": "CVE-2026-32776", "description": "A flaw was found in libexpat. A remote attacker could exploit this vulnerability by providing specially crafted XML content with empty external parameter entities. This could lead to a NULL pointer dereference, causing the application to crash and resulting in a Denial of Service (DoS).", "issued": "2026-03-16T06:54:20Z", "links": "https://access.redhat.com/security/cve/CVE-2026-32776 https://bugzilla.redhat.com/show_bug.cgi?id=2447888 https://www.cve.org/CVERecord?id=CVE-2026-32776 https://nvd.nist.gov/vuln/detail/CVE-2026-32776 https://github.com/libexpat/libexpat/pull/1158 https://github.com/libexpat/libexpat/pull/1159 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-32776.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "expat", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "teoauN/Djw6odXikmjP4Lw==": { "id": "teoauN/Djw6odXikmjP4Lw==", "updater": "rhel-vex", "name": "CVE-2025-68471", "description": "A flaw was found in Avahi, a system that enables devices to discover services on a local network using the mDNS/DNS-SD (Multicast Domain Name System/DNS-based Service Discovery) protocols. A remote attacker can exploit this by sending two specific network messages, known as unsolicited announcements with CNAME resource records, within a two-second timeframe. This action can cause the `avahi-daemon` process to crash, leading to a Denial of Service (DoS) for the affected system.", "issued": "2026-01-12T17:39:57Z", "links": "https://access.redhat.com/security/cve/CVE-2025-68471 https://bugzilla.redhat.com/show_bug.cgi?id=2428717 https://www.cve.org/CVERecord?id=CVE-2025-68471 https://nvd.nist.gov/vuln/detail/CVE-2025-68471 https://github.com/avahi/avahi/commit/9c6eb53bf2e290aed84b1f207e3ce35c54cc0aa1 https://github.com/avahi/avahi/issues/678 https://github.com/avahi/avahi/security/advisories/GHSA-56rf-42xr-qmmg https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-68471.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "avahi", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "tlWVK61iOpKPkvmeShS9AQ==": { "id": "tlWVK61iOpKPkvmeShS9AQ==", "updater": "rhel-vex", "name": "CVE-2025-69421", "description": "A flaw was found in OpenSSL. This vulnerability allows a remote attacker to trigger a Denial of Service (DoS) by providing a specially crafted, malformed PKCS#12 file to an application that processes it. The flaw occurs due to a NULL pointer dereference in the PKCS12_item_decrypt_d2i_ex() function when handling the malformed file, leading to an application crash.", "issued": "2026-01-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-69421 https://bugzilla.redhat.com/show_bug.cgi?id=2430387 https://www.cve.org/CVERecord?id=CVE-2025-69421 https://nvd.nist.gov/vuln/detail/CVE-2025-69421 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-69421.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "tnBbKyfWYMq7GMqd8UCfIw==": { "id": "tnBbKyfWYMq7GMqd8UCfIw==", "updater": "rhel-vex", "name": "CVE-2025-70873", "description": "A flaw was found in SQLite. This information disclosure vulnerability exists within the zipfile extension, specifically in the zipfileInflate function. A remote attacker could exploit this by providing a specially crafted ZIP file. Successful exploitation could lead to the disclosure of sensitive heap memory information.", "issued": "2026-03-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-70873 https://bugzilla.redhat.com/show_bug.cgi?id=2447086 https://www.cve.org/CVERecord?id=CVE-2025-70873 https://nvd.nist.gov/vuln/detail/CVE-2025-70873 https://gist.github.com/cnwangjihe/f496393f30f5ecec5b18c8f5ab072054 https://sqlite.org/forum/forumpost/761eac3c82 https://sqlite.org/src/info/3d459f1fb1bd1b5e https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-70873.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "sqlite", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "u7b5r2PfK9a1QyjBR1cFRw==": { "id": "u7b5r2PfK9a1QyjBR1cFRw==", "updater": "rhel-vex", "name": "CVE-2026-4046", "description": "A flaw was found in glibc, the GNU C Library. A remote attacker could exploit this vulnerability by providing specially crafted inputs using the IBM1390 or IBM1399 character sets to the `iconv()` function. This could lead to an assertion failure, causing the application to crash and resulting in a Denial of Service (DoS).", "issued": "2026-03-30T17:16:11Z", "links": "https://access.redhat.com/security/cve/CVE-2026-4046 https://bugzilla.redhat.com/show_bug.cgi?id=2453117 https://www.cve.org/CVERecord?id=CVE-2026-4046 https://nvd.nist.gov/vuln/detail/CVE-2026-4046 https://packages.fedoraproject.org/pkgs/glibc/glibc-gconv-extra/ https://sourceware.org/bugzilla/show_bug.cgi?id=33980 https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0007;hb=HEAD https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-4046.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "uEggs7thHCRp4eZu5EDH0A==": { "id": "uEggs7thHCRp4eZu5EDH0A==", "updater": "rhel-vex", "name": "CVE-2026-27171", "description": "A flaw was found in zlib. An attacker providing specially crafted input to the `crc32_combine64` or `crc32_combine_gen64` functions could trigger an infinite loop within the `x2nmodp` function. This leads to excessive CPU consumption, which can result in a Denial of Service (DoS) for the affected system.", "issued": "2026-02-18T02:36:19Z", "links": "https://access.redhat.com/security/cve/CVE-2026-27171 https://bugzilla.redhat.com/show_bug.cgi?id=2440530 https://www.cve.org/CVERecord?id=CVE-2026-27171 https://nvd.nist.gov/vuln/detail/CVE-2026-27171 https://7asecurity.com/blog/2026/02/zlib-7asecurity-audit/ https://7asecurity.com/reports/pentest-report-zlib-RC1.1.pdf https://github.com/madler/zlib/issues/904 https://github.com/madler/zlib/releases/tag/v1.3.2 https://ostif.org/zlib-audit-complete/ https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-27171.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "zlib", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "uxd8tIEkk+r2hWTEgvyv8w==": { "id": "uxd8tIEkk+r2hWTEgvyv8w==", "updater": "rhel-vex", "name": "CVE-2019-9936", "description": "In SQLite 3.27.2, running fts5 prefix queries inside a transaction could trigger a heap-based buffer over-read in fts5HashEntrySort in sqlite3.c, which may lead to an information leak. This is related to ext/fts5/fts5_hash.c.", "issued": "2019-03-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2019-9936 https://bugzilla.redhat.com/show_bug.cgi?id=1692365 https://www.cve.org/CVERecord?id=CVE-2019-9936 https://nvd.nist.gov/vuln/detail/CVE-2019-9936 https://security.access.redhat.com/data/csaf/v2/vex/2019/cve-2019-9936.json", "severity": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "sqlite", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "v1exQXePimNPt3tveLBP9g==": { "id": "v1exQXePimNPt3tveLBP9g==", "updater": "rhel-vex", "name": "CVE-2026-1965", "description": "A flaw was found in curl. When an application uses libcurl to make multiple Negotiate-authenticated HTTP or HTTPS requests to the same server with different credentials, libcurl may incorrectly reuse an existing connection. This logical error can cause a subsequent request to be sent using the authentication of a previous user, leading to an authentication bypass.", "issued": "2026-03-11T10:08:52Z", "links": "https://access.redhat.com/security/cve/CVE-2026-1965 https://bugzilla.redhat.com/show_bug.cgi?id=2446448 https://www.cve.org/CVERecord?id=CVE-2026-1965 https://nvd.nist.gov/vuln/detail/CVE-2026-1965 https://curl.se/docs/CVE-2026-1965.html https://curl.se/docs/CVE-2026-1965.json https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-1965.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "curl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "vTJZ/R8pdcyDbwAwRi8cBw==": { "id": "vTJZ/R8pdcyDbwAwRi8cBw==", "updater": "rhel-vex", "name": "CVE-2025-15079", "description": "A flaw was found in curl. When performing SSH-based transfers using SCP or SFTP, libcurl could mistakenly connect to hosts not listed in the user-specified knownhosts file. This occurs if the host is present in the libssh global knownhosts file, effectively bypassing the intended host verification. This could allow a remote attacker to connect to an untrusted host, potentially leading to information disclosure or man-in-the-middle attacks.", "issued": "2026-01-07T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-15079 https://bugzilla.redhat.com/show_bug.cgi?id=2426409 https://www.cve.org/CVERecord?id=CVE-2025-15079 https://nvd.nist.gov/vuln/detail/CVE-2025-15079 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-15079.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "curl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "vx2N2RZTm7neux8kVlqgEg==": { "id": "vx2N2RZTm7neux8kVlqgEg==", "updater": "rhel-vex", "name": "CVE-2026-5704", "description": "A flaw was found in tar. A remote attacker could exploit this vulnerability by crafting a malicious archive, leading to hidden file injection with fully attacker-controlled content. This bypasses pre-extraction inspection mechanisms, potentially allowing an attacker to introduce malicious files onto a system without detection.", "issued": "2026-04-06T13:36:20Z", "links": "https://access.redhat.com/security/cve/CVE-2026-5704 https://bugzilla.redhat.com/show_bug.cgi?id=2455360 https://www.cve.org/CVERecord?id=CVE-2026-5704 https://nvd.nist.gov/vuln/detail/CVE-2026-5704 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-5704.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "tar", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "wbBiCPikq6Iz02EPsysTgA==": { "id": "wbBiCPikq6Iz02EPsysTgA==", "updater": "rhel-vex", "name": "CVE-2025-14017", "description": "A flaw was found in curl. When performing multi-threaded LDAPS (Lightweight Directory Access Protocol Secure) transfers, changes to Transport Layer Security (TLS) options in one thread could inadvertently apply globally, affecting other concurrent transfers. This could lead to unintended security posture changes, such as disabling certificate verification for other threads. This vulnerability can result in a security bypass, where expected security checks are not performed.", "issued": "2026-01-08T10:07:05Z", "links": "https://access.redhat.com/security/cve/CVE-2025-14017 https://bugzilla.redhat.com/show_bug.cgi?id=2427870 https://www.cve.org/CVERecord?id=CVE-2025-14017 https://nvd.nist.gov/vuln/detail/CVE-2025-14017 https://curl.se/docs/CVE-2025-14017.html https://curl.se/docs/CVE-2025-14017.json https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-14017.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "curl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "wxS+u/uf8o4sT9iSccXQwA==": { "id": "wxS+u/uf8o4sT9iSccXQwA==", "updater": "rhel-vex", "name": "CVE-2026-4426", "description": "A flaw was found in libarchive. An Undefined Behavior vulnerability exists in the zisofs decompression logic, caused by improper validation of a field (`pz_log2_bs`) read from ISO9660 Rock Ridge extensions. A remote attacker can exploit this by supplying a specially crafted ISO file. This can lead to incorrect memory allocation and potential application crashes, resulting in a denial-of-service (DoS) condition.", "issued": "2026-03-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-4426 https://bugzilla.redhat.com/show_bug.cgi?id=2449010 https://www.cve.org/CVERecord?id=CVE-2026-4426 https://nvd.nist.gov/vuln/detail/CVE-2026-4426 https://github.com/libarchive/libarchive/pull/2897 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-4426.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libarchive", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "xCUiEQAH1lfhrKtUxQDIYA==": { "id": "xCUiEQAH1lfhrKtUxQDIYA==", "updater": "rhel-vex", "name": "CVE-2021-39537", "description": "A heap overflow vulnerability has been identified in the ncurses package, particularly in the \"tic\". This flaw results from a lack of proper bounds checking during input processing. By exploiting this boundary error, an attacker can create a malicious file, deceive the victim into opening it using the affected software, and initiate an out-of-bounds write, potentially impacting system availability.", "issued": "2020-08-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-39537 https://bugzilla.redhat.com/show_bug.cgi?id=2006978 https://www.cve.org/CVERecord?id=CVE-2021-39537 https://nvd.nist.gov/vuln/detail/CVE-2021-39537 https://lists.gnu.org/archive/html/bug-ncurses/2020-08/msg00006.html https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-39537.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "ncurses", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "xKLQGv5zNwcnWtQQKiO3Ww==": { "id": "xKLQGv5zNwcnWtQQKiO3Ww==", "updater": "rhel-vex", "name": "CVE-2026-25645", "description": "A flaw was found in the `requests` HTTP library, specifically in the `requests.utils.extract_zipped_paths()` function, which is used to load Certificate Authority (CA) bundles. A local attacker can exploit this vulnerability by pre-creating a malicious CA bundle file in the system's temporary directory. When a vulnerable application initializes the `requests` library, it may load this malicious file instead of the legitimate CA bundle, leading to a bypass of security controls and potential integrity compromise.", "issued": "2026-03-25T17:02:48Z", "links": "https://access.redhat.com/security/cve/CVE-2026-25645 https://bugzilla.redhat.com/show_bug.cgi?id=2451408 https://www.cve.org/CVERecord?id=CVE-2026-25645 https://nvd.nist.gov/vuln/detail/CVE-2026-25645 https://github.com/psf/requests/commit/66d21cb07bd6255b1280291c4fafb71803cdb3b7 https://github.com/psf/requests/releases/tag/v2.33.0 https://github.com/psf/requests/security/advisories/GHSA-gc5v-m9x4-r6x2 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-25645.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python-pip", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "xLIujTim86EomaRofe4tDg==": { "id": "xLIujTim86EomaRofe4tDg==", "updater": "rhel-vex", "name": "CVE-2023-32611", "description": "A flaw was found in GLib. GVariant deserialization is vulnerable to a slowdown issue where a crafted GVariant can cause excessive processing, leading to denial of service.", "issued": "2022-12-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-32611 https://bugzilla.redhat.com/show_bug.cgi?id=2211829 https://www.cve.org/CVERecord?id=CVE-2023-32611 https://nvd.nist.gov/vuln/detail/CVE-2023-32611 https://gitlab.gnome.org/GNOME/glib/-/issues/2797 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-32611.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "glib2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "xjRJnKlNaH/FGi0NN5VKBQ==": { "id": "xjRJnKlNaH/FGi0NN5VKBQ==", "updater": "rhel-vex", "name": "CVE-2026-0992", "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated \u003cnextCatalog\u003e elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", "issued": "2026-01-15T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-0992 https://bugzilla.redhat.com/show_bug.cgi?id=2429975 https://www.cve.org/CVERecord?id=CVE-2026-0992 https://nvd.nist.gov/vuln/detail/CVE-2026-0992 https://gitlab.gnome.org/GNOME/libxml2/-/issues/1019 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-0992.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libxml2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "yrec5aYK5L1Cn+46ZF7wbw==": { "id": "yrec5aYK5L1Cn+46ZF7wbw==", "updater": "rhel-vex", "name": "CVE-2026-6253", "description": "A flaw was found in curl. When curl is configured to use distinct proxies for different URL schemes, a redirect from a URL using an authenticated proxy to one using an unauthenticated proxy can inadvertently expose the initial proxy's credentials. This improper credential management (CWE-522) may allow an attacker to gain unauthorized access or information by intercepting these disclosed credentials.", "issued": "2026-04-29T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-6253 https://bugzilla.redhat.com/show_bug.cgi?id=2461202 https://www.cve.org/CVERecord?id=CVE-2026-6253 https://nvd.nist.gov/vuln/detail/CVE-2026-6253 https://curl.se/docs/CVE-2026-6253.html https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-6253.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "curl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "yuFlxOGqQlDuMCywIIELNw==": { "id": "yuFlxOGqQlDuMCywIIELNw==", "updater": "rhel-vex", "name": "CVE-2025-30258", "description": "A flaw was found in GnuPG. In affected versions, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, leading to a verification denial of service.", "issued": "2025-03-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-30258 https://bugzilla.redhat.com/show_bug.cgi?id=2353427 https://www.cve.org/CVERecord?id=CVE-2025-30258 https://nvd.nist.gov/vuln/detail/CVE-2025-30258 https://dev.gnupg.org/T7527 https://dev.gnupg.org/rG48978ccb4e20866472ef18436a32744350a65158 https://lists.gnupg.org/pipermail/gnupg-announce/2025q1/000491.html https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-30258.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "gnupg2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "zIdEM/kGXg+rxyZW+kVVlw==": { "id": "zIdEM/kGXg+rxyZW+kVVlw==", "updater": "rhel-vex", "name": "CVE-2026-3833", "description": "A flaw was found in gnutls. This vulnerability occurs because gnutls performs case-sensitive comparisons of `nameConstraints` labels, specifically for `dNSName` (DNS) or `rfc822Name` (email) constraints within `excludedSubtrees` or `permittedSubtrees`. A remote attacker can exploit this by crafting a leaf certificate with casing differences in the Subject Alternative Name (SAN), leading to a policy bypass where a certificate that should be rejected is instead accepted. This could result in unauthorized access or information disclosure.", "issued": "2026-04-30T17:26:28Z", "links": "https://access.redhat.com/security/cve/CVE-2026-3833 https://bugzilla.redhat.com/show_bug.cgi?id=2445763 https://www.cve.org/CVERecord?id=CVE-2026-3833 https://nvd.nist.gov/vuln/detail/CVE-2026-3833 https://gitlab.com/gnutls/gnutls/-/issues/1803 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-3833.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "gnutls", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" } }, "package_vulnerabilities": { "+hvIC0Et/RtHi7EAFCmfEw==": [ "MRnBR1NwPejsF0F/Po53Ew==", "O6eQrDqYe8zCvECWFMIzFQ==" ], "+qrxjVH7Im8eBfrz4h4P/w==": [ "Zp9+pixFuNBueE2yO610gQ==" ], "4ZgMXaHDWnwPnqKlcJzEIw==": [ "Elb2DrZLO9/IaIc7rSPVUg==", "raKuHZN4AggeEUt0ItIq1Q==" ], "4flTdmUV4iK1Ax+LXJm8qQ==": [ "QwBnC+2unbl7BaURui6Tng==", "OGfYu06hscS+jx5HR8e1UQ==", "n+SYCf6UN4VyD5OPJagpTA==", "zIdEM/kGXg+rxyZW+kVVlw==", "fvGjL9hw9hDQockMTb7lrA==" ], "4mBaAtvqw4Xnt3KyHa6xnQ==": [ "Te9j1HGn7feNCE/Fduu0+A==", "VPoF+qCqaQ4y2sVl2255/g==", "cW+DgNrGAeRAwNB4wrDZhw==", "VP8+3bQwNwMNm6AhYTNJBQ==", "s1kzjy+cDztHEcgHrl7kHQ==", "6p6EeZQEuYkK2CtO4ey3Ag==", "m8ueKfgkaYIYTU+xtIQcwA==", "I31WPu2ZGWOsqloSJfE2Fg==", "ZdcpNqfrXAb14fwUEQLWGQ==", "29qrZyz+fmdn9Nzjpl2/Pg==", "8TgjbHNGzIFm7/fF9DBU7Q==", "YoCxZvEp16Bt9LDv+Ficeg==", "FkRDB0vpJYeh2ipqLS0/Iw==", "OTZM0RD60ajdSeEqWGkkTw==", "B5eXEM8SeidgdpzXoFJFGQ==", "1vG4ZYIu07BTj9XJ+a+P9Q==" ], "7eg89eCgA75bJ7WhhN/T4Q==": [ "hkP7fdNBNcMv5alTtw0c+Q==", "eqoqeJN8gMUINJLH2PXP7g==" ], "9uhqFNTCJ7/bpzSlc7qCaQ==": [ "t4oe6DBPNf5Ikk93RfTdig==", "fXpWtuXNPi3tb2edhk37bw==", "Zp5q2R9PHTn/pmrn158k9A==", "5e3gC+KDeb36jTLxBYtijg==" ], "ACY3djwkey7ZIXbd0V+Giw==": [ "L7QbkTbsy8v3tMfOqNsVKQ==", "+nHq7dak7Hkjcru/xpwzhQ==" ], "AIs6pmCup5N9+6Ag6e2/og==": [ "PcNbuWOo0ahqjfbOQhXvvQ==", "LWLSX4FCLbzYWK97i5Or+A==", "rVgBV65FWtFg3jitEqotFA==", "BV++s35Ur4bQRS6HK0QCIA==", "tlWVK61iOpKPkvmeShS9AQ==", "gagftKXuSuh9pi4dRu9yPQ==", "qv1CBAIhzNsoWe8hSWlF1g==", "86unVXyTxdffdcXWZTYw5g==", "VLzwKVDYC7fQrtcpCzjXjA==", "rEd6JdG2xx5NZ9bcsFRNpw==", "8D3i4K1ylUr5dGk9imV9zA==", "ZkEez7f24VNVhTaTCDhuEg==", "rCI1GSL47zJlliQotxXM4Q==", "QUtTYJuHdkAOgtveagWUfA==", "Fp999hDC/lucBsNHwOlp/A==", "OpUahpCA4oBceG962KxTMA==", "QcOTYeOedG0AUhPSakMpIA==", "97PwDrD8knMveLXwKCvQjA==", "OLKvdPVgT9/lPcflJTxE3Q==", "WcChSpNAL6V9Xfxc9AqW7g==", "6FQUI3OxX4C5skWXKgq80Q==", "UPzTyNn8ZLXlb+bwRFPPTA==" ], "AuC6XQzcU/5tB4luIfjLFg==": [ "HTk+AAyRWNCrZTtBLx34Aw==" ], "AziZ1oGI+oDXVPzldKNj+w==": [ "3O4IzHXnRQMZXCe1gYATvw==" ], "BPsD0kkdIoK3KQUZ5DpJjw==": [ "ZvX4VR3jvMBd1Wq+RxNTgg==" ], "CP6fmHsRon29d9dGmAC8yQ==": [ "L7QbkTbsy8v3tMfOqNsVKQ==", "+nHq7dak7Hkjcru/xpwzhQ==" ], "DV119Dw0W4RdsbJkdoHU9w==": [ "fayrPya6DVXP9weWvA6obQ==", "8KJb4x3mXgChaQULEsid2A==", "dYucp/SettSQd/Hpukj6pA==", "0v/g0Z/XEXV13r48i52JgA==", "pjb5LKdJAfqIzj4N6YBwUQ==", "v1exQXePimNPt3tveLBP9g==", "crmilTSJ/pTSPBKY9EJmZg==", "wbBiCPikq6Iz02EPsysTgA==", "4JszZEguo/SAFbgp6PdKMQ==", "ho4M6//kfDyE5kZ9fbpV0g==", "Pe4IHqZpuBtuSkrgd2HMEg==", "Znm2hdK/FULQhTTGTVX59Q==", "fT6cIVRM+743nfHJKo4yuQ==", "yrec5aYK5L1Cn+46ZF7wbw==", "2U6d1qsPVwS8vUnflv9AcQ==", "qXNASosSuCsudML1MqXPjw==", "TuBnhFrkwMqIcYtYYgNGNQ==", "vTJZ/R8pdcyDbwAwRi8cBw==", "rfyVleP0iFAaKAccoWyLNQ==" ], "DgyhtZBcSIlVmY6xC8s1mA==": [ "j1KIfSLRyAo+5FqbDzJbtg==" ], "Dmgfuk4/ZGW2Pjrf3pzOwg==": [ "L7QbkTbsy8v3tMfOqNsVKQ==", "+nHq7dak7Hkjcru/xpwzhQ==" ], "FS5/DAbDsXWURU9onlACPA==": [ "Q5xJp4zJ1MCYcYbDi9qrdQ==" ], "J34PJ2GThOWZuKVgFIoieA==": [ "uEggs7thHCRp4eZu5EDH0A==" ], "KYSXsdsObSOPb3/iOOdbDw==": [ "L7QbkTbsy8v3tMfOqNsVKQ==", "+nHq7dak7Hkjcru/xpwzhQ==" ], "LXiVkIlXLq/usMYIwCTH8Q==": [ "WGvgNwrW2u5APZcidQ6v1Q==" ], "LkoLKEri5dIAb0vFMkSOag==": [ "cqYWiTibDLM7aibErMKang==", "J5qRb3W5uqqCGngAp6UZrg==", "Cz+nwSXEXv91W0XvZNqCqw==", "u7b5r2PfK9a1QyjBR1cFRw==", "qS+8YNw5cEHn5bXG24Qmgg==", "6Cqvzp5JbuVfHsuYnIJNFw==" ], "MA5xnJmwv4AJZhc2768UiA==": [ "G7IyfoPhe9f8QzIGbOfn7Q==", "92KuvWwbPhsQNPu0knrHAQ==", "HdAyLUATPStr/HXiy9fgQw==", "TLOrmSYL76Du+GI4WD9gMQ==", "619DQiII/+IW12e6tmtrxw==", "RXjd5U95osIGXnqCa34Jkg==", "7Puka2o1jq4jSr2Hekrfhg==", "xjRJnKlNaH/FGi0NN5VKBQ==", "EiJx6rOT8KoLX+Wu7/N6HQ==" ], "N1RbIRo2SyHosQefv+skDw==": [ "UbmdE2pHXRFccv8l1e02Jw==" ], "N3ZaMrNJKoumMpaY0smlMQ==": [ "9zRC9UwUH2bQs1UcHQ5UTQ==", "8ZxbhBIT+9Mj99/XbMpLSQ==", "uxd8tIEkk+r2hWTEgvyv8w==", "tnBbKyfWYMq7GMqd8UCfIw==", "5B1tQ2BK8z/YjRkYcvwqag==" ], "NguWV8S6YQYvQsGQDJm2Rg==": [ "SHxE0qXbBmDEp/LL1ieJeA==", "HuOxI+pWjgGV0XsBvltzlg==", "VsocCwaFpF6PzdX5PxR+sQ==", "jw1ZiDut5Ot+DyVFjCrixg==", "S7qx7a03HASsJhyQafvXjg==", "rEg00U8+//igCt+0+QBUhA==", "xCUiEQAH1lfhrKtUxQDIYA==", "ZTGiJlkqcqrCLJSY/Sq8lA==", "673FKazcUiydbfN5c6amaw==" ], "ORsDK2A5479NPB0r01PoXQ==": [ "fayrPya6DVXP9weWvA6obQ==", "8KJb4x3mXgChaQULEsid2A==", "dYucp/SettSQd/Hpukj6pA==", "0v/g0Z/XEXV13r48i52JgA==", "pjb5LKdJAfqIzj4N6YBwUQ==", "v1exQXePimNPt3tveLBP9g==", "crmilTSJ/pTSPBKY9EJmZg==", "wbBiCPikq6Iz02EPsysTgA==", "4JszZEguo/SAFbgp6PdKMQ==", "ho4M6//kfDyE5kZ9fbpV0g==", "Pe4IHqZpuBtuSkrgd2HMEg==", "Znm2hdK/FULQhTTGTVX59Q==", "fT6cIVRM+743nfHJKo4yuQ==", "yrec5aYK5L1Cn+46ZF7wbw==", "2U6d1qsPVwS8vUnflv9AcQ==", "qXNASosSuCsudML1MqXPjw==", "TuBnhFrkwMqIcYtYYgNGNQ==", "vTJZ/R8pdcyDbwAwRi8cBw==", "rfyVleP0iFAaKAccoWyLNQ==" ], "P5UTXxqhA6R98OWY7h85rQ==": [ "DDWmqlxBSfXi2KJJ5mwTNg==", "OPNDKUsVLJt2v1gO1zvkBA==", "XygysGe2kdlyCRQHM1fu3w==", "klCkJxhhNVG564GOUQMh+Q==", "EQ4eP3gKo3y8JsWUiWr6+g==", "wxS+u/uf8o4sT9iSccXQwA==", "4/mftydHpy90Umw3G0mTuQ==", "8Sec+JvKiQWGqYCOBdZhjg==", "YiJlkUTKf0/7+ORZMmQ2cw==", "HNpGGr9eP5twQKC3yCh1mA==", "O8fIVXqcGshIonMWsEH9gA==", "AE8Cp1u8I9t52OYW7oGU4w==" ], "PYGQE1Mr52aqIP4tEB4VSw==": [ "L7QbkTbsy8v3tMfOqNsVKQ==", "+nHq7dak7Hkjcru/xpwzhQ==" ], "Q0uPb/t/3IQ8GEwlv/J3Cw==": [ "WGvgNwrW2u5APZcidQ6v1Q==" ], "QC6e3OaV78mjs678tGU2KQ==": [ "H9Ud41wofJc/QlL6Rm7WkA==", "avzu5SRbIjcduH4QdmZ1gg==", "ruDQdx7OmIsgMCpioWbqOQ==", "XbpXfbeApuDuIKvY0/qWiA==", "UUIKm7f4jyfDWGKvptUQ8Q==", "Rfm1tD+QxSP/TVjKFDNabg==", "npQpPXYG8xMJ1LRSVSnKGA==", "Wp4+QBQm4nhI8rQxVklEXw==", "KCgCqCavM9U0xL+GHJqzSg==", "OgFGrvrnAoXXvapnatTrxQ==" ], "U3ZkYu9FoEzQITrVBlQtLA==": [ "cqYWiTibDLM7aibErMKang==", "J5qRb3W5uqqCGngAp6UZrg==", "Cz+nwSXEXv91W0XvZNqCqw==", "u7b5r2PfK9a1QyjBR1cFRw==", "qS+8YNw5cEHn5bXG24Qmgg==", "6Cqvzp5JbuVfHsuYnIJNFw==" ], "UUZyda9G/ffvF6rJ5W1UnQ==": [ "mouoWVvs12H8FynnB5qIsQ==", "sRVcQFAdq4Ll42smqacaCw==", "ieASPdYzGxWke8nZZhE02Q==" ], "Vax934M9zGbzjdT3Y/XU9w==": [ "cqYWiTibDLM7aibErMKang==", "J5qRb3W5uqqCGngAp6UZrg==", "Cz+nwSXEXv91W0XvZNqCqw==", "u7b5r2PfK9a1QyjBR1cFRw==", "qS+8YNw5cEHn5bXG24Qmgg==", "6Cqvzp5JbuVfHsuYnIJNFw==" ], "YjDcGmvP0/z8VqRiUvkhOQ==": [ "W/d4trZ7jb2yxjrq4cNOWA==", "0nQ3GJDLY22M176Z5ESg6A==", "sThg2GGoKqa1RTJ5skEJTA==", "yuFlxOGqQlDuMCywIIELNw==" ], "auI8KtI6OozP7EAIr9UlQQ==": [ "icj6a8bc4dYK/DJNvkU0+A==" ], "bWUdPEYmtshwdmuX5VapfQ==": [ "WGvgNwrW2u5APZcidQ6v1Q==" ], "f/Al/eNlUhjEgKSV0J2z7w==": [ "gaFOKxy9D9KR/Iyd+kDZoA==", "QSNBg/XspHcBwSxBTMU4rg==", "xKLQGv5zNwcnWtQQKiO3Ww==", "8I2jFG8JRR+6+eqqYlXhAg==", "HuLJLN6ajygY/CpLyzV5lw==" ], "h53SWWmMQUh4cLyBmYeNvw==": [ "teoauN/Djw6odXikmjP4Lw==", "A1UDSDMkPKOSx7ma/geQyg==", "Rw8DyDlyRHRJOeZaAbGMRA==", "kYYDrncBncmKkmFnSd5t3w==", "7lnphmrb/VojuhlikpNO5w==", "9jHXNtwzqlOir/Op7pd9+w==", "Bgew407C4GMDdNe8dNeN7w==", "sExC9WXn4M01POjg0haQrA==", "MW3KGjkk7BWuR5JCc6cywg==" ], "hSTTMcRX1DBcXc+8jKeg3Q==": [ "mouoWVvs12H8FynnB5qIsQ==", "sRVcQFAdq4Ll42smqacaCw==", "ieASPdYzGxWke8nZZhE02Q==" ], "iKjky3d+XDnwdlXfvLvp/A==": [ "ZlxfTVb/4bi6yWQ+JLaOnw==", "0QzoXQSqkKieJ7Oc+px0JA==", "HB9r/GLycEmk6aXttwtBlw==", "h6rS2s3xilGaG0a+pIjl8A==", "L3k0cIIlkMGQFiWnZm8Mlg==", "sGwL9v57mGx7f18qBkIacA==", "cCowLuOsLfTMmPFOoqUVww==", "nYtstWEUOCTbjAlmYOKURA==", "8qOJVWAut1+UqTXPOWH12g==", "OFdQC3/0S5rItoyqpACTFw==", "2U8ppg+02PjFDuM5YqFstQ==", "6Xr5PbPGSy+aHLDQ9q4L9w==", "5ZHvcDYhgzWjwNpRgF2u1w==", "nhJPQpDYg9We/U8oBJw4JQ==", "mRazAXjBcgFrTolNDZHDsA==", "8rvqTFlh9aOz4UvxQN0SBQ==", "RVCidRUm4D1IKoPhoUi2AA==", "IItHEdPWz5fl9O7ZhzjDAA==", "XXiaw1EwhFkuilI94EKiqQ==", "HKrLnQyTw1292mNt3MQ0aQ==" ], "isPl2YxnCTfcLmUYH6Q0sA==": [ "WGvgNwrW2u5APZcidQ6v1Q==" ], "j5YRt82iOHry4ndSyCLgaA==": [ "eCNdMtt9JN2Rrb8I23NIsA==", "0WTD6ZUY2Zj2w0R3oyPWRw==", "9oBjtBiHtz7+Hwc4swPaAw==", "K3eafQ/8P8PEZ3BPWZfCgg==", "kCsMurCi7F77HxJoLqd9jA==", "9ZCmRufeuC0TKSSi9pcU6g==", "3IgZDz5UYkhu/U1/4kSWKg==", "/1CYFiexnJcM7p4YrI/FVg==", "RdjNn4dAdZKcn6VS95a/SQ==", "UyCjBcpeB0nhkRTVhUcAJQ==" ], "k/BpvWmZ5EVfmiPqpZ3pGw==": [ "LTmcTrhW8bJGvJXJVPjm/g==", "tYeLT/YUKIk7yaK07WvPeA==", "qC/lM94bJkHuTCcx6Z47mQ==", "KExChYIaW0MvXNLWbjS/Hw==", "RYqFgDYIttLgJc8B82sK/w==", "Lt2Hg7sVYgz0GD7ldFmjjA==" ], "k4gCNgIfg7MM/e42ThRx2w==": [ "AZQ9MHTiNLYiRU7sYZlVGw==", "n83jaRl/T6kiaoMyWtX8xw==" ], "kwc9NYOQig+qWs5qmBRL/w==": [ "SHxE0qXbBmDEp/LL1ieJeA==", "HuOxI+pWjgGV0XsBvltzlg==", "VsocCwaFpF6PzdX5PxR+sQ==", "jw1ZiDut5Ot+DyVFjCrixg==", "S7qx7a03HASsJhyQafvXjg==", "rEg00U8+//igCt+0+QBUhA==", "xCUiEQAH1lfhrKtUxQDIYA==", "ZTGiJlkqcqrCLJSY/Sq8lA==", "673FKazcUiydbfN5c6amaw==" ], "lU0MYRg2dg5wynl2dMGsgA==": [ "hfBpyVezkUAf98QWnlvzIA==" ], "mtrWxjnWyzrIFOuHVeUG6g==": [ "W/DMqBRMDYVkVH3D67luGg==", "vx2N2RZTm7neux8kVlqgEg==", "UMD4nV1Ky5C5eKUMgtnKzw==", "9uK7ZDYgFtqP786n0QunAg==", "UoEFDYM+Gqf2mdRJh5HUFw==", "8rxYDEPu2XxazQ3cBUhX0Q==", "XBiy/XVR6SoThCkYUmkD1g==" ], "oSDtB9GflLljTYeOAikyIQ==": [ "xLIujTim86EomaRofe4tDg==", "0fCtWwB6iclgRvIA+IqiJQ==", "EiL50P2QSOoRA18XAAH6Pg==", "EKs36DFwHVCzU/cF0Be9pQ==", "ElIjMFAz33tt/XVMysRkdA==", "ngbKDtxhn33NKWC2lhOQNQ==", "p2qAiuM4AsdQ5J4fBWvbBA==", "npBrFSWnZYxq9cizdfDfCQ==", "Oi3Y6I7JDcoQrQyH+jMXWw==", "jguV9kU5iHC5V/cF3+b/tg==", "iEGZHZXt8HWPSM5eJesddQ==", "KaROgE0QmtiOixMG9Wi1RA==" ], "oUYls//IDfQ4QSLGKlUoZg==": [ "t3XJyztcU9aOXTMLI8NRmA==", "a067YUjLHWzR99JNl/RtGQ==", "H2CablNBrQ/I5AsUjk5xyw==", "1lUHOMB3ANHGWpqCBv9Ynw==", "BooDzA4nzaDI1l3E5zAHgg==" ], "peUaHHW4E9Y6Nd8+gJR5cQ==": [ "H9Ud41wofJc/QlL6Rm7WkA==", "avzu5SRbIjcduH4QdmZ1gg==", "ruDQdx7OmIsgMCpioWbqOQ==", "XbpXfbeApuDuIKvY0/qWiA==", "UUIKm7f4jyfDWGKvptUQ8Q==", "Rfm1tD+QxSP/TVjKFDNabg==", "npQpPXYG8xMJ1LRSVSnKGA==", "Wp4+QBQm4nhI8rQxVklEXw==", "KCgCqCavM9U0xL+GHJqzSg==", "OgFGrvrnAoXXvapnatTrxQ==" ], "wQNSAAyfpn1pixah4j5PmA==": [ "ZlxfTVb/4bi6yWQ+JLaOnw==", "0QzoXQSqkKieJ7Oc+px0JA==", "HB9r/GLycEmk6aXttwtBlw==", "h6rS2s3xilGaG0a+pIjl8A==", "L3k0cIIlkMGQFiWnZm8Mlg==", "sGwL9v57mGx7f18qBkIacA==", "cCowLuOsLfTMmPFOoqUVww==", "nYtstWEUOCTbjAlmYOKURA==", "8qOJVWAut1+UqTXPOWH12g==", "OFdQC3/0S5rItoyqpACTFw==", "2U8ppg+02PjFDuM5YqFstQ==", "6Xr5PbPGSy+aHLDQ9q4L9w==", "5ZHvcDYhgzWjwNpRgF2u1w==", "nhJPQpDYg9We/U8oBJw4JQ==", "mRazAXjBcgFrTolNDZHDsA==", "8rvqTFlh9aOz4UvxQN0SBQ==", "RVCidRUm4D1IKoPhoUi2AA==", "IItHEdPWz5fl9O7ZhzjDAA==", "XXiaw1EwhFkuilI94EKiqQ==", "HKrLnQyTw1292mNt3MQ0aQ==" ] }, "enrichments": {} } pod: test-comp-pac-gitlab-qtyrdo4372e0fad4b643b5414dfaafbc984c7b-pod | container step-oci-attach-report: Selecting auth Using token for quay.io/redhat-appstudio-qe/gitlab-rep-ufob/test-comp-pac-gitlab-qtyrdo Attaching clair-report-amd64.json to quay.io/redhat-appstudio-qe/gitlab-rep-ufob/test-comp-pac-gitlab-qtyrdo@sha256:6b47fc59deed1a3e6fc167df984959c2667a9b40e0b12c420d3307eac8618b3f Executing: oras attach --no-tty --format go-template={{.digest}} --registry-config /home/oras/auth.json --artifact-type application/vnd.redhat.clair-report+json quay.io/redhat-appstudio-qe/gitlab-rep-ufob/test-comp-pac-gitlab-qtyrdo@sha256:6b47fc59deed1a3e6fc167df984959c2667a9b40e0b12c420d3307eac8618b3f clair-report-amd64.json:application/vnd.redhat.clair-report+json pod: test-comp-pac-gitlab-qtyrdo4372e0fad4b643b5414dfaafbc984c7b-pod | container step-conftest-vulnerabilities: [ { "filename": "/tekton/home/clair-result-amd64.json", "namespace": "required_checks", "successes": 7, "warnings": [ { "msg": "Found packages with unpatched high vulnerabilities. These vulnerabilities don't have a known fix at this time.", "metadata": { "details": { "description": "Vulnerabilities found: gnutls-3.6.16-8.el8_10.5 (CVE-2026-33845, CVE-2026-33846), krb5-libs-1.18.2-32.el8_10 (CVE-2026-40356), java-17-openjdk-headless-1:17.0.19.0.10-1.el8 (CVE-2025-66293, CVE-2026-22020, CVE-2026-25646, CVE-2026-26740)", "name": "clair_unpatched_high_vulnerabilities", "url": "https://access.redhat.com/articles/red_hat_vulnerability_tutorial" }, "vulnerabilities_number": 7 } }, { "msg": "Found packages with unpatched medium vulnerabilities. These vulnerabilities don't have a known fix at this time.", "metadata": { "details": { "description": "Vulnerabilities found: glibc-common-2.28-251.el8_10.31 (CVE-2026-4046, CVE-2026-4437, CVE-2026-5435, CVE-2026-5450, CVE-2026-5928), file-libs-5.33-27.el8_10 (CVE-2019-8905), python3-pip-wheel-9.0.3-24.el8 (CVE-2023-45803, CVE-2025-50181, CVE-2025-50182, CVE-2026-25645), systemd-libs-239-82.el8_10.16 (CVE-2018-20839, CVE-2025-4598, CVE-2026-29111, CVE-2026-4105), gnutls-3.6.16-8.el8_10.5 (CVE-2026-3833), libsmartcols-2.32.1-48.el8_10 (CVE-2026-27456), cups-libs-1:2.2.6-67.el8_10 (CVE-2023-4504, CVE-2026-27447, CVE-2026-34978, CVE-2026-34979, CVE-2026-34980, CVE-2026-34990, CVE-2026-39314, CVE-2026-39316), openssl-libs-1:1.1.1k-15.el8_6 (CVE-2023-0466, CVE-2026-28390), coreutils-single-8.30-17.el8_10 (CVE-2025-5278), libzstd-1.4.4-1.el8 (CVE-2022-4899), openldap-2.4.46-21.el8_10 (CVE-2026-22185), expat-2.5.0-1.el8_10 (CVE-2026-32776, CVE-2026-32777, CVE-2026-32778), python3-libs-3.6.8-76.el8_10 (CVE-2025-11468, CVE-2025-12781, CVE-2025-13837, CVE-2025-15282, CVE-2025-4516, CVE-2025-6069, CVE-2025-8291, CVE-2026-0672, CVE-2026-1502, CVE-2026-3644, CVE-2026-4224, CVE-2026-5713, CVE-2026-6019), avahi-libs-0.7-27.el8_10.1 (CVE-2024-52615, CVE-2024-52616, CVE-2025-59529, CVE-2025-68276, CVE-2025-68468, CVE-2025-68471, CVE-2026-24401, CVE-2026-34933), libuuid-2.32.1-48.el8_10 (CVE-2026-27456), glib2-2.56.4-168.el8_10 (CVE-2025-14087, CVE-2025-14512, CVE-2026-1484, CVE-2026-1489), alsa-lib-1.2.10-2.el8 (CVE-2026-25068), libgcrypt-1.8.5-7.el8_6 (CVE-2019-12904, CVE-2024-2236, CVE-2026-41989), libblkid-2.32.1-48.el8_10 (CVE-2026-27456), platform-python-3.6.8-76.el8_10 (CVE-2025-11468, CVE-2025-12781, CVE-2025-13837, CVE-2025-15282, CVE-2025-4516, CVE-2025-6069, CVE-2025-8291, CVE-2026-0672, CVE-2026-1502, CVE-2026-3644, CVE-2026-4224, CVE-2026-5713, CVE-2026-6019), krb5-libs-1.18.2-32.el8_10 (CVE-2026-40355), gnupg2-2.2.20-4.el8_10 (CVE-2025-68972), libcurl-7.61.1-34.el8_10.11 (CVE-2025-13034, CVE-2025-14017, CVE-2026-1965, CVE-2026-3783, CVE-2026-3784, CVE-2026-3805, CVE-2026-4873, CVE-2026-5545, CVE-2026-5773, CVE-2026-6253, CVE-2026-6429), glibc-minimal-langpack-2.28-251.el8_10.31 (CVE-2026-4046, CVE-2026-4437, CVE-2026-5435, CVE-2026-5450, CVE-2026-5928), xz-libs-5.2.4-4.el8_6 (CVE-2026-34743), libarchive-3.3.3-7.el8_10 (CVE-2024-57970, CVE-2025-25724, CVE-2025-60753, CVE-2026-4426, CVE-2026-5745), libssh-0.9.6-16.el8_10 (CVE-2025-5351, CVE-2025-8114, CVE-2026-0964, CVE-2026-0966, CVE-2026-3731), libssh-config-0.9.6-16.el8_10 (CVE-2025-5351, CVE-2025-8114, CVE-2026-0964, CVE-2026-0966, CVE-2026-3731), java-17-openjdk-headless-1:17.0.19.0.10-1.el8 (CVE-2025-28164, CVE-2025-64505, CVE-2025-64506, CVE-2026-22693, CVE-2026-22695, CVE-2026-22801, CVE-2026-33416, CVE-2026-33636, CVE-2026-34757, CVE-2026-41254), curl-7.61.1-34.el8_10.11 (CVE-2025-13034, CVE-2025-14017, CVE-2026-1965, CVE-2026-3783, CVE-2026-3784, CVE-2026-3805, CVE-2026-4873, CVE-2026-5545, CVE-2026-5773, CVE-2026-6253, CVE-2026-6429), libmount-2.32.1-48.el8_10 (CVE-2026-27456), glibc-2.28-251.el8_10.31 (CVE-2026-4046, CVE-2026-4437, CVE-2026-5435, CVE-2026-5450, CVE-2026-5928), tar-2:1.30-11.el8_10 (CVE-2025-45582, CVE-2025-64118, CVE-2026-33056, CVE-2026-5704), libxml2-2.9.7-21.el8_10.4 (CVE-2026-0990, CVE-2026-1757, CVE-2026-6732)", "name": "clair_unpatched_medium_vulnerabilities", "url": "https://access.redhat.com/articles/red_hat_vulnerability_tutorial" }, "vulnerabilities_number": 144 } }, { "msg": "Found packages with unpatched low/negligible vulnerabilities. These vulnerabilities don't have a known fix at this time.", "metadata": { "details": { "description": "Vulnerabilities found: elfutils-libelf-0.190-2.el8 (CVE-2024-25260), glibc-common-2.28-251.el8_10.31 (CVE-2026-4438), libstdc++-8.5.0-28.el8_10 (CVE-2018-20657, CVE-2019-14250, CVE-2022-27943), file-libs-5.33-27.el8_10 (CVE-2019-8906), gawk-4.2.1-4.el8 (CVE-2023-4156), ncurses-base-6.1-10.20180224.el8 (CVE-2018-19211, CVE-2020-19185, CVE-2020-19186, CVE-2020-19187, CVE-2020-19188, CVE-2020-19189, CVE-2020-19190, CVE-2021-39537, CVE-2023-50495), python3-pip-wheel-9.0.3-24.el8 (CVE-2018-20225), systemd-libs-239-82.el8_10.16 (CVE-2021-3997), gnutls-3.6.16-8.el8_10.5 (CVE-2021-4209, CVE-2026-3832), cups-libs-1:2.2.6-67.el8_10 (CVE-2021-25317, CVE-2026-41079), ncurses-libs-6.1-10.20180224.el8 (CVE-2018-19211, CVE-2020-19185, CVE-2020-19186, CVE-2020-19187, CVE-2020-19188, CVE-2020-19189, CVE-2020-19190, CVE-2021-39537, CVE-2023-50495), nss-util-3.112.0-8.el8_10 (CVE-2020-12413, CVE-2024-7531), openssl-libs-1:1.1.1k-15.el8_6 (CVE-2023-0464, CVE-2023-0465, CVE-2023-2650, CVE-2024-0727, CVE-2024-13176, CVE-2024-2511, CVE-2024-41996, CVE-2024-4741, CVE-2025-15468, CVE-2025-15469, CVE-2025-68160, CVE-2025-69418, CVE-2025-69420, CVE-2025-69421, CVE-2026-22795, CVE-2026-22796, CVE-2026-2673, CVE-2026-28388, CVE-2026-28389, CVE-2026-31789), nss-sysinit-3.112.0-8.el8_10 (CVE-2020-12413, CVE-2024-7531), pcre2-10.32-3.el8_6 (CVE-2022-41409), libzstd-1.4.4-1.el8 (CVE-2021-24032), expat-2.5.0-1.el8_10 (CVE-2025-66382, CVE-2026-24515, CVE-2026-41080), python3-libs-3.6.8-76.el8_10 (CVE-2019-9674, CVE-2024-0397, CVE-2024-7592, CVE-2025-1795, CVE-2025-6075, CVE-2026-2297, CVE-2026-3479), sqlite-libs-3.26.0-20.el8_10 (CVE-2019-19244, CVE-2019-9936, CVE-2019-9937, CVE-2024-0232, CVE-2025-70873), avahi-libs-0.7-27.el8_10.1 (CVE-2017-6519), glib2-2.56.4-168.el8_10 (CVE-2023-29499, CVE-2023-32611, CVE-2023-32636, CVE-2023-32665, CVE-2025-3360, CVE-2025-7039, CVE-2026-0988, CVE-2026-1485), zlib-1.2.11-25.el8 (CVE-2026-27171), libgcc-8.5.0-28.el8_10 (CVE-2018-20657, CVE-2019-14250, CVE-2022-27943), libgcrypt-1.8.5-7.el8_6 (CVE-2026-41990), dbus-libs-1:1.12.8-27.el8_10 (CVE-2020-35512), libtasn1-4.13-5.el8_10 (CVE-2018-1000654, CVE-2025-13151), nss-softokn-freebl-3.112.0-8.el8_10 (CVE-2020-12413, CVE-2024-7531), nss-softokn-3.112.0-8.el8_10 (CVE-2020-12413, CVE-2024-7531), platform-python-3.6.8-76.el8_10 (CVE-2019-9674, CVE-2024-0397, CVE-2024-7592, CVE-2025-1795, CVE-2025-6075, CVE-2026-2297, CVE-2026-3479), gnupg2-2.2.20-4.el8_10 (CVE-2022-3219, CVE-2025-30258, CVE-2026-24883), libcurl-7.61.1-34.el8_10.11 (CVE-2023-27534, CVE-2024-11053, CVE-2024-7264, CVE-2025-14524, CVE-2025-14819, CVE-2025-15079, CVE-2025-15224, CVE-2026-6276), nss-3.112.0-8.el8_10 (CVE-2020-12413, CVE-2024-7531), glibc-minimal-langpack-2.28-251.el8_10.31 (CVE-2026-4438), libarchive-3.3.3-7.el8_10 (CVE-2018-1000879, CVE-2018-1000880, CVE-2025-1632, CVE-2025-5915, CVE-2025-5916, CVE-2025-5917, CVE-2025-5918), libssh-0.9.6-16.el8_10 (CVE-2025-4878, CVE-2025-8277, CVE-2026-0965, CVE-2026-0967, CVE-2026-0968), libssh-config-0.9.6-16.el8_10 (CVE-2025-4878, CVE-2025-8277, CVE-2026-0965, CVE-2026-0967, CVE-2026-0968), shadow-utils-2:4.6-23.el8_10 (CVE-2024-56433), java-17-openjdk-headless-1:17.0.19.0.10-1.el8 (CVE-2022-3857, CVE-2026-27171), curl-7.61.1-34.el8_10.11 (CVE-2023-27534, CVE-2024-11053, CVE-2024-7264, CVE-2025-14524, CVE-2025-14819, CVE-2025-15079, CVE-2025-15224, CVE-2026-6276), glibc-2.28-251.el8_10.31 (CVE-2026-4438), tar-2:1.30-11.el8_10 (CVE-2019-9923, CVE-2021-20193, CVE-2023-39804), libxml2-2.9.7-21.el8_10.4 (CVE-2023-45322, CVE-2024-34459, CVE-2025-27113, CVE-2025-6170, CVE-2026-0989, CVE-2026-0992)", "name": "clair_unpatched_low_vulnerabilities", "url": "https://access.redhat.com/articles/red_hat_vulnerability_tutorial" }, "vulnerabilities_number": 152 } } ] } ] {"vulnerabilities":{"critical":0,"high":0,"medium":0,"low":0,"unknown":0},"unpatched_vulnerabilities":{"critical":0,"high":7,"medium":144,"low":152,"unknown":0}} {"image": {"pullspec": "quay.io/redhat-appstudio-qe/gitlab-rep-ufob/test-comp-pac-gitlab-qtyrdo:on-pr-b21ca74a71acdc062f5fbc426cc064fd9ad58353", "digests": ["sha256:6b47fc59deed1a3e6fc167df984959c2667a9b40e0b12c420d3307eac8618b3f"]}} {"result":"SUCCESS","timestamp":"2026-05-07T23:45:16+00:00","note":"Task clair-scan completed: Refer to Tekton task result SCAN_OUTPUT for vulnerabilities scanned by Clair.","namespace":"default","successes":0,"failures":0,"warnings":0} pod: test-comp-pac-gitlab-qtyrdo6ac821567b376ea1f7666cdf6d563b63-pod | init container: prepare 2026/05/07 23:44:54 Entrypoint initialization pod: test-comp-pac-gitlab-qtyrdo6ac821567b376ea1f7666cdf6d563b63-pod | container step-apply-additional-tags: time="2026-05-07T23:44:57Z" level=info msg="[param] image-url: quay.io/redhat-appstudio-qe/gitlab-rep-ufob/test-comp-pac-gitlab-qtyrdo:on-pr-b21ca74a71acdc062f5fbc426cc064fd9ad58353" time="2026-05-07T23:44:57Z" level=info msg="[param] digest: sha256:6b47fc59deed1a3e6fc167df984959c2667a9b40e0b12c420d3307eac8618b3f" time="2026-05-07T23:44:57Z" level=info msg="[param] tags-from-image-label: konflux.additional-tags" time="2026-05-07T23:44:58Z" level=warning msg="No tags given in 'konflux.additional-tags' image label" {"tags":[]} pod: test-comp-pac-gitlab-qtyrdocd19469f5153d9fb391d9d97e6370a17-pod | init container: prepare 2026/05/07 23:44:54 Entrypoint initialization pod: test-comp-pac-gitlab-qtyrdocd19469f5153d9fb391d9d97e6370a17-pod | init container: place-scripts 2026/05/07 23:44:55 Decoded script /tekton/scripts/script-0-tcv48 2026/05/07 23:44:55 Decoded script /tekton/scripts/script-1-xg74q pod: test-comp-pac-gitlab-qtyrdocd19469f5153d9fb391d9d97e6370a17-pod | container step-extract-and-scan-image: Starting clamd ... clamd is ready! Detecting artifact type for quay.io/redhat-appstudio-qe/gitlab-rep-ufob/test-comp-pac-gitlab-qtyrdo@sha256:6b47fc59deed1a3e6fc167df984959c2667a9b40e0b12c420d3307eac8618b3f. Detected container image. Processing image manifests. Running "oc image extract" on image of arch amd64 Scanning image for arch amd64. This operation may take a while. ----------- SCAN SUMMARY ----------- Infected files: 0 Time: 45.534 sec (0 m 45 s) Start Date: 2026:05:07 23:45:13 End Date: 2026:05:07 23:45:59 Executed-on: Scan was executed on clamsdcan version - ClamAV 1.4.3/27993/Wed May 6 06:24:57 2026 Database version: 27993 [ { "filename": "/work/logs/clamscan-result-log-amd64.json", "namespace": "required_checks", "successes": 2 } ] {"timestamp":"1778197559","namespace":"required_checks","successes":2,"failures":0,"warnings":0,"result":"SUCCESS","note":"All checks passed successfully"} {"timestamp":"1778197559","namespace":"required_checks","successes":2,"failures":0,"warnings":0,"result":"SUCCESS","note":"All checks passed successfully"} {"timestamp":"1778197559","namespace":"required_checks","successes":2,"failures":0,"warnings":0,"result":"SUCCESS","note":"All checks passed successfully"} {"image": {"pullspec": "quay.io/redhat-appstudio-qe/gitlab-rep-ufob/test-comp-pac-gitlab-qtyrdo:on-pr-b21ca74a71acdc062f5fbc426cc064fd9ad58353", "digests": ["sha256:6b47fc59deed1a3e6fc167df984959c2667a9b40e0b12c420d3307eac8618b3f"]}} pod: test-comp-pac-gitlab-qtyrdocd19469f5153d9fb391d9d97e6370a17-pod | container step-upload: Selecting auth Using token for quay.io/redhat-appstudio-qe/gitlab-rep-ufob/test-comp-pac-gitlab-qtyrdo Attaching to quay.io/redhat-appstudio-qe/gitlab-rep-ufob/test-comp-pac-gitlab-qtyrdo:on-pr-b21ca74a71acdc062f5fbc426cc064fd9ad58353 Executing: oras attach --no-tty --registry-config /home/oras/auth.json --artifact-type application/vnd.clamav quay.io/redhat-appstudio-qe/gitlab-rep-ufob/test-comp-pac-gitlab-qtyrdo:on-pr-b21ca74a71acdc062f5fbc426cc064fd9ad58353@sha256:6b47fc59deed1a3e6fc167df984959c2667a9b40e0b12c420d3307eac8618b3f clamscan-result-amd64.log:text/vnd.clamav clamscan-ec-test-amd64.json:application/vnd.konflux.test_output+json Preparing clamscan-result-amd64.log Preparing clamscan-ec-test-amd64.json Uploading aab3d8343d30 clamscan-result-amd64.log Uploading e61056a019fd clamscan-ec-test-amd64.json Exists 44136fa355b3 application/vnd.oci.empty.v1+json Uploaded e61056a019fd clamscan-ec-test-amd64.json Uploaded aab3d8343d30 clamscan-result-amd64.log Uploading 2afd739eb8d6 application/vnd.oci.image.manifest.v1+json Uploaded 2afd739eb8d6 application/vnd.oci.image.manifest.v1+json Attached to [registry] quay.io/redhat-appstudio-qe/gitlab-rep-ufob/test-comp-pac-gitlab-qtyrdo:on-pr-b21ca74a71acdc062f5fbc426cc064fd9ad58353@sha256:6b47fc59deed1a3e6fc167df984959c2667a9b40e0b12c420d3307eac8618b3f Digest: sha256:2afd739eb8d69a4e59b7b4a8f1aab818c2bf5f8de7f10a5f923054878f017b31 pod: test-comp-pac-gitlab-qtyrdod9316957f330cd4860a2bea6eb2a91b2-pod | init container: prepare 2026/05/07 23:44:53 Entrypoint initialization pod: test-comp-pac-gitlab-qtyrdod9316957f330cd4860a2bea6eb2a91b2-pod | init container: place-scripts 2026/05/07 23:44:54 Decoded script /tekton/scripts/script-0-7x8bz 2026/05/07 23:44:54 Decoded script /tekton/scripts/script-1-4ll47 2026/05/07 23:44:54 Decoded script /tekton/scripts/script-2-49d6f 2026/05/07 23:44:54 Decoded script /tekton/scripts/script-3-85d48 2026/05/07 23:44:54 Decoded script /tekton/scripts/script-4-p5lrq 2026/05/07 23:44:54 Decoded script /tekton/scripts/script-5-lsqzq pod: test-comp-pac-gitlab-qtyrdod9316957f330cd4860a2bea6eb2a91b2-pod | container step-introspect: Artifact type will be determined by introspection. Checking the media type of the OCI artifact... [retry] executing: skopeo inspect --raw --retry-times 3 docker://quay.io/redhat-appstudio-qe/gitlab-rep-ufob/test-comp-pac-gitlab-qtyrdo:on-pr-b21ca74a71acdc062f5fbc426cc064fd9ad58353 The media type of the OCI artifact is application/vnd.docker.distribution.manifest.v2+json. Looking for image labels that indicate this might be an operator bundle... [retry] executing: skopeo inspect --retry-times 3 docker://quay.io/redhat-appstudio-qe/gitlab-rep-ufob/test-comp-pac-gitlab-qtyrdo:on-pr-b21ca74a71acdc062f5fbc426cc064fd9ad58353 Found 0 matching labels. Expecting 3 or more to identify this image as an operator bundle. Introspection concludes that this artifact is of type "application". pod: test-comp-pac-gitlab-qtyrdod9316957f330cd4860a2bea6eb2a91b2-pod | container step-generate-container-auth: Selecting auth for quay.io/redhat-appstudio-qe/gitlab-rep-ufob/test-comp-pac-gitlab-qtyrdo:on-pr-b21ca74a71acdc062f5fbc426cc064fd9ad58353 Using token for quay.io/redhat-appstudio-qe/gitlab-rep-ufob/test-comp-pac-gitlab-qtyrdo Auth json written to "/auth/auth.json". pod: test-comp-pac-gitlab-qtyrdod9316957f330cd4860a2bea6eb2a91b2-pod | container step-set-skip-for-bundles: 2026/05/07 23:45:01 INFO Step was skipped due to when expressions were evaluated to false. pod: test-comp-pac-gitlab-qtyrdod9316957f330cd4860a2bea6eb2a91b2-pod | container step-app-check: time="2026-05-07T23:45:01Z" level=info msg="certification library version" version="1.17.2 " time="2026-05-07T23:45:02Z" level=info msg="running checks for quay.io/redhat-appstudio-qe/gitlab-rep-ufob/test-comp-pac-gitlab-qtyrdo:on-pr-b21ca74a71acdc062f5fbc426cc064fd9ad58353 for platform amd64" time="2026-05-07T23:45:02Z" level=info msg="target image" image="quay.io/redhat-appstudio-qe/gitlab-rep-ufob/test-comp-pac-gitlab-qtyrdo:on-pr-b21ca74a71acdc062f5fbc426cc064fd9ad58353" time="2026-05-07T23:45:10Z" level=info msg="warning: licenses directory does not exist or all of its children are empty directories: error when checking for /licenses: stat /tmp/preflight-3252331584/fs/licenses: no such file or directory" check=HasLicense time="2026-05-07T23:45:10Z" level=info msg="check completed" check=HasLicense result=FAILED time="2026-05-07T23:45:10Z" level=info msg="check completed" check=HasUniqueTag result=PASSED time="2026-05-07T23:45:10Z" level=info msg="check completed" check=LayerCountAcceptable result=PASSED time="2026-05-07T23:45:10Z" level=info msg="check completed" check=HasNoProhibitedPackages result=PASSED time="2026-05-07T23:45:10Z" level=info msg="check completed" check=HasRequiredLabel result=PASSED time="2026-05-07T23:45:10Z" level=info msg="USER 185 specified that is non-root" check=RunAsNonRoot time="2026-05-07T23:45:10Z" level=info msg="check completed" check=RunAsNonRoot result=PASSED time="2026-05-07T23:45:19Z" level=info msg="check completed" check=HasModifiedFiles result=PASSED time="2026-05-07T23:45:19Z" level=info msg="check completed" check=BasedOnUbi result=PASSED time="2026-05-07T23:45:19Z" level=info msg="This image's tag on-pr-b21ca74a71acdc062f5fbc426cc064fd9ad58353 will be paired with digest sha256:6b47fc59deed1a3e6fc167df984959c2667a9b40e0b12c420d3307eac8618b3f once this image has been published in accordance with Red Hat Certification policy. You may then add or remove any supplemental tags through your Red Hat Connect portal as you see fit." { "image": "quay.io/redhat-appstudio-qe/gitlab-rep-ufob/test-comp-pac-gitlab-qtyrdo:on-pr-b21ca74a71acdc062f5fbc426cc064fd9ad58353", "passed": false, "test_library": { "name": "github.com/redhat-openshift-ecosystem/openshift-preflight", "version": "1.17.2", "commit": "eb87e5b2d67ad110a0afe8edfb16f445e0877c4e" }, "results": { "passed": [ { "name": "HasUniqueTag", "elapsed_time": 0, "description": "Checking if container has a tag other than 'latest', so that the image can be uniquely identified." }, { "name": "LayerCountAcceptable", "elapsed_time": 0, "description": "Checking if container has less than 40 layers. Too many layers within the container images can degrade container performance." }, { "name": "HasNoProhibitedPackages", "elapsed_time": 39, "description": "Checks to ensure that the image in use does not include prohibited packages, such as Red Hat Enterprise Linux (RHEL) kernel packages." }, { "name": "HasRequiredLabel", "elapsed_time": 0, "description": "Checking if the required labels (name, vendor, version, release, summary, description, maintainer) are present in the container metadata" }, { "name": "RunAsNonRoot", "elapsed_time": 0, "description": "Checking if container runs as the root user because a container that does not specify a non-root user will fail the automatic certification, and will be subject to a manual review before the container can be approved for publication" }, { "name": "HasModifiedFiles", "elapsed_time": 9002, "description": "Checks that no files installed via RPM in the base Red Hat layer have been modified" }, { "name": "BasedOnUbi", "elapsed_time": 300, "description": "Checking if the container's base image is based upon the Red Hat Universal Base Image (UBI)" } ], "failed": [ { "name": "HasLicense", "elapsed_time": 0, "description": "Checking if terms and conditions applicable to the software including open source licensing information are present. The license must be at /licenses", "help": "Check HasLicense encountered an error. Please review the preflight.log file for more information.", "suggestion": "Create a directory named /licenses and include all relevant licensing and/or terms and conditions as text file(s) in that directory.", "knowledgebase_url": "https://access.redhat.com/documentation/en-us/red_hat_software_certification/2024/html-single/red_hat_openshift_software_certification_policy_guide/index#assembly-requirements-for-container-images_openshift-sw-cert-policy-introduction", "check_url": "https://access.redhat.com/documentation/en-us/red_hat_software_certification/2024/html-single/red_hat_openshift_software_certification_policy_guide/index#assembly-requirements-for-container-images_openshift-sw-cert-policy-introduction" } ], "errors": [] } } time="2026-05-07T23:45:19Z" level=info msg="Preflight result: FAILED" pod: test-comp-pac-gitlab-qtyrdod9316957f330cd4860a2bea6eb2a91b2-pod | container step-app-set-outcome: {"result":"FAILURE","timestamp":"1778197520","note":"Task preflight is a FAILURE: Refer to Tekton task logs for more information","successes":7,"failures":1,"warnings":0}[retry] executing: skopeo inspect --raw --retry-times 3 docker://quay.io/redhat-appstudio-qe/gitlab-rep-ufob/test-comp-pac-gitlab-qtyrdo:on-pr-b21ca74a71acdc062f5fbc426cc064fd9ad58353 pod: test-comp-pac-gitlab-qtyrdod9316957f330cd4860a2bea6eb2a91b2-pod | container step-final-outcome: + [[ ! -f /mount/konflux.results.json ]] + tee /tekton/steps/step-final-outcome/results/test-output {"result":"FAILURE","timestamp":"1778197520","note":"Task preflight is a FAILURE: Refer to Tekton task logs for more information","successes":7,"failures":1,"warnings":0}New PipelineRun test-comp-pac-gitlab-qtyrdo-on-pull-request-lpzln found after retrigger for component gitlab-rep-ufob/test-comp-pac-gitlab-qtyrdo PipelineRun test-comp-pac-gitlab-qtyrdo-on-pull-request-lpzln found for Component gitlab-rep-ufob/test-comp-pac-gitlab-qtyrdo PipelineRun test-comp-pac-gitlab-qtyrdo-on-pull-request-lpzln reason: ResolvingTaskRef PipelineRun test-comp-pac-gitlab-qtyrdo-on-pull-request-lpzln reason: Running PipelineRun test-comp-pac-gitlab-qtyrdo-on-pull-request-lpzln reason: Running PipelineRun test-comp-pac-gitlab-qtyrdo-on-pull-request-lpzln reason: Running PipelineRun test-comp-pac-gitlab-qtyrdo-on-pull-request-lpzln reason: Running PipelineRun test-comp-pac-gitlab-qtyrdo-on-pull-request-lpzln reason: Running PipelineRun test-comp-pac-gitlab-qtyrdo-on-pull-request-lpzln reason: Running PipelineRun test-comp-pac-gitlab-qtyrdo-on-pull-request-lpzln reason: Running PipelineRun test-comp-pac-gitlab-qtyrdo-on-pull-request-lpzln reason: PipelineRunStopping PipelineRun test-comp-pac-gitlab-qtyrdo-on-pull-request-lpzln reason: PipelineRunStopping PipelineRun test-comp-pac-gitlab-qtyrdo-on-pull-request-lpzln reason: Failed attempt 3/3: PipelineRun "test-comp-pac-gitlab-qtyrdo-on-pull-request-lpzln" failed: pod: test-comp-pac-gitlab-qtyrdo-on-pull-request-lpzln-init-pod | init container: prepare 2026/05/07 23:46:30 Entrypoint initialization pod: test-comp-pac-gitlab-qtyrdo-on-pull-request-lpzln-init-pod | container step-init: time="2026-05-07T23:46:33Z" level=info msg="[param] enable: false" time="2026-05-07T23:46:33Z" level=info msg="[param] default-http-proxy: squid.caching.svc.cluster.local:3128" time="2026-05-07T23:46:33Z" level=info msg="[param] default-no-proxy: brew.registry.redhat.io,docker.io,gcr.io,ghcr.io,images.paas.redhat.com,mirror.gcr.io,nvcr.io,quay.io,registry-proxy.engineering.redhat.com,registry.access.redhat.com,registry.ci.openshift.org,registry.fedoraproject.org,registry.redhat.io,registry.stage.redhat.io,vault.habana.ai" time="2026-05-07T23:46:33Z" level=info msg="[param] http-proxy-result-path: /tekton/results/http-proxy" time="2026-05-07T23:46:33Z" level=info msg="[param] no-proxy-result-path: /tekton/results/no-proxy" time="2026-05-07T23:46:33Z" level=info msg="Using in-cluster config" logger=KubeClient time="2026-05-07T23:46:33Z" level=info msg="Cache proxy is disabled via param" time="2026-05-07T23:46:33Z" level=info msg="[result] HTTP PROXY: " time="2026-05-07T23:46:33Z" level=info msg="[result] NO PROXY: " pod: test-comp-pac-gitlab-qtyrdo9509641aae225ed2b10a9c506b32d838-pod | init container: prepare 2026/05/07 23:48:25 Entrypoint initialization pod: test-comp-pac-gitlab-qtyrdo9509641aae225ed2b10a9c506b32d838-pod | init container: place-scripts 2026/05/07 23:48:25 Decoded script /tekton/scripts/script-0-v79gc 2026/05/07 23:48:25 Decoded script /tekton/scripts/script-1-txzfq pod: test-comp-pac-gitlab-qtyrdo9509641aae225ed2b10a9c506b32d838-pod | container step-extract-and-scan-image: Starting clamd ... clamd is ready! Detecting artifact type for quay.io/redhat-appstudio-qe/gitlab-rep-ufob/test-comp-pac-gitlab-qtyrdo@sha256:2cd90854a489b20448b7b912df0c3d8ff0b5b90a68374c28813ccc12558aab64. Detected container image. Processing image manifests. Running "oc image extract" on image of arch amd64 Scanning image for arch amd64. This operation may take a while. ----------- SCAN SUMMARY ----------- Infected files: 0 Time: 39.400 sec (0 m 39 s) Start Date: 2026:05:07 23:48:52 End Date: 2026:05:07 23:49:31 Executed-on: Scan was executed on clamsdcan version - ClamAV 1.4.3/27993/Wed May 6 06:24:57 2026 Database version: 27993 [ { "filename": "/work/logs/clamscan-result-log-amd64.json", "namespace": "required_checks", "successes": 2 } ] {"timestamp":"1778197771","namespace":"required_checks","successes":2,"failures":0,"warnings":0,"result":"SUCCESS","note":"All checks passed successfully"} {"timestamp":"1778197771","namespace":"required_checks","successes":2,"failures":0,"warnings":0,"result":"SUCCESS","note":"All checks passed successfully"} {"timestamp":"1778197771","namespace":"required_checks","successes":2,"failures":0,"warnings":0,"result":"SUCCESS","note":"All checks passed successfully"} {"image": {"pullspec": "quay.io/redhat-appstudio-qe/gitlab-rep-ufob/test-comp-pac-gitlab-qtyrdo:on-pr-9563c74c641ed57d00587689aa7c536c690dd28d", "digests": ["sha256:2cd90854a489b20448b7b912df0c3d8ff0b5b90a68374c28813ccc12558aab64"]}} pod: test-comp-pac-gitlab-qtyrdo9509641aae225ed2b10a9c506b32d838-pod | container step-upload: Selecting auth Using token for quay.io/redhat-appstudio-qe/gitlab-rep-ufob/test-comp-pac-gitlab-qtyrdo Attaching to quay.io/redhat-appstudio-qe/gitlab-rep-ufob/test-comp-pac-gitlab-qtyrdo:on-pr-9563c74c641ed57d00587689aa7c536c690dd28d Executing: oras attach --no-tty --registry-config /home/oras/auth.json --artifact-type application/vnd.clamav quay.io/redhat-appstudio-qe/gitlab-rep-ufob/test-comp-pac-gitlab-qtyrdo:on-pr-9563c74c641ed57d00587689aa7c536c690dd28d@sha256:2cd90854a489b20448b7b912df0c3d8ff0b5b90a68374c28813ccc12558aab64 clamscan-result-amd64.log:text/vnd.clamav clamscan-ec-test-amd64.json:application/vnd.konflux.test_output+json Preparing clamscan-result-amd64.log Preparing clamscan-ec-test-amd64.json Uploading 029791dbc40b clamscan-result-amd64.log Uploading d767c420971b clamscan-ec-test-amd64.json Exists 44136fa355b3 application/vnd.oci.empty.v1+json Uploaded d767c420971b clamscan-ec-test-amd64.json Uploaded 029791dbc40b clamscan-result-amd64.log Uploading 152cfcfe78a7 application/vnd.oci.image.manifest.v1+json Uploaded 152cfcfe78a7 application/vnd.oci.image.manifest.v1+json Attached to [registry] quay.io/redhat-appstudio-qe/gitlab-rep-ufob/test-comp-pac-gitlab-qtyrdo:on-pr-9563c74c641ed57d00587689aa7c536c690dd28d@sha256:2cd90854a489b20448b7b912df0c3d8ff0b5b90a68374c28813ccc12558aab64 Digest: sha256:152cfcfe78a7f38c82d56263496bda6b63ddbca15268a62c54ec1c7da38b3226 pod: test-comp-pac-gitlab-qtyrdoa50c093362ea2256704d5cae05ecacee-pod | init container: prepare 2026/05/07 23:48:24 Entrypoint initialization pod: test-comp-pac-gitlab-qtyrdoa50c093362ea2256704d5cae05ecacee-pod | init container: place-scripts 2026/05/07 23:48:25 Decoded script /tekton/scripts/script-0-r764d 2026/05/07 23:48:25 Decoded script /tekton/scripts/script-1-gc4z9 2026/05/07 23:48:25 Decoded script /tekton/scripts/script-2-n9frd 2026/05/07 23:48:25 Decoded script /tekton/scripts/script-3-ljm4x 2026/05/07 23:48:25 Decoded script /tekton/scripts/script-4-dhj8d 2026/05/07 23:48:25 Decoded script /tekton/scripts/script-5-cwhj2 pod: test-comp-pac-gitlab-qtyrdoa50c093362ea2256704d5cae05ecacee-pod | container step-introspect: Artifact type will be determined by introspection. Checking the media type of the OCI artifact... [retry] executing: skopeo inspect --raw --retry-times 3 docker://quay.io/redhat-appstudio-qe/gitlab-rep-ufob/test-comp-pac-gitlab-qtyrdo:on-pr-9563c74c641ed57d00587689aa7c536c690dd28d time="2026-05-07T23:48:28Z" level=warning msg="Failed, retrying in 1s ... (1/3). Error: pinging container registry quay.io: received unexpected HTTP status: 502 Bad Gateway" The media type of the OCI artifact is application/vnd.docker.distribution.manifest.v2+json. Looking for image labels that indicate this might be an operator bundle... [retry] executing: skopeo inspect --retry-times 3 docker://quay.io/redhat-appstudio-qe/gitlab-rep-ufob/test-comp-pac-gitlab-qtyrdo:on-pr-9563c74c641ed57d00587689aa7c536c690dd28d Found 0 matching labels. Expecting 3 or more to identify this image as an operator bundle. Introspection concludes that this artifact is of type "application". pod: test-comp-pac-gitlab-qtyrdoa50c093362ea2256704d5cae05ecacee-pod | container step-generate-container-auth: Selecting auth for quay.io/redhat-appstudio-qe/gitlab-rep-ufob/test-comp-pac-gitlab-qtyrdo:on-pr-9563c74c641ed57d00587689aa7c536c690dd28d Using token for quay.io/redhat-appstudio-qe/gitlab-rep-ufob/test-comp-pac-gitlab-qtyrdo Auth json written to "/auth/auth.json". pod: test-comp-pac-gitlab-qtyrdoa50c093362ea2256704d5cae05ecacee-pod | container step-set-skip-for-bundles: 2026/05/07 23:48:42 INFO Step was skipped due to when expressions were evaluated to false. pod: test-comp-pac-gitlab-qtyrdoa50c093362ea2256704d5cae05ecacee-pod | container step-app-check: time="2026-05-07T23:48:42Z" level=info msg="certification library version" version="1.17.2 " time="2026-05-07T23:48:51Z" level=info msg="running checks for quay.io/redhat-appstudio-qe/gitlab-rep-ufob/test-comp-pac-gitlab-qtyrdo:on-pr-9563c74c641ed57d00587689aa7c536c690dd28d for platform amd64" time="2026-05-07T23:48:51Z" level=info msg="target image" image="quay.io/redhat-appstudio-qe/gitlab-rep-ufob/test-comp-pac-gitlab-qtyrdo:on-pr-9563c74c641ed57d00587689aa7c536c690dd28d" time="2026-05-07T23:49:01Z" level=info msg="warning: licenses directory does not exist or all of its children are empty directories: error when checking for /licenses: stat /tmp/preflight-3692195987/fs/licenses: no such file or directory" check=HasLicense time="2026-05-07T23:49:01Z" level=info msg="check completed" check=HasLicense result=FAILED time="2026-05-07T23:49:01Z" level=info msg="check completed" check=HasUniqueTag result=PASSED time="2026-05-07T23:49:01Z" level=info msg="check completed" check=LayerCountAcceptable result=PASSED time="2026-05-07T23:49:01Z" level=info msg="check completed" check=HasNoProhibitedPackages result=PASSED time="2026-05-07T23:49:01Z" level=info msg="check completed" check=HasRequiredLabel result=PASSED time="2026-05-07T23:49:01Z" level=info msg="USER 185 specified that is non-root" check=RunAsNonRoot time="2026-05-07T23:49:01Z" level=info msg="check completed" check=RunAsNonRoot result=PASSED time="2026-05-07T23:49:10Z" level=info msg="check completed" check=HasModifiedFiles result=PASSED time="2026-05-07T23:49:10Z" level=info msg="check completed" check=BasedOnUbi result=PASSED time="2026-05-07T23:49:10Z" level=info msg="This image's tag on-pr-9563c74c641ed57d00587689aa7c536c690dd28d will be paired with digest sha256:2cd90854a489b20448b7b912df0c3d8ff0b5b90a68374c28813ccc12558aab64 once this image has been published in accordance with Red Hat Certification policy. You may then add or remove any supplemental tags through your Red Hat Connect portal as you see fit." { "image": "quay.io/redhat-appstudio-qe/gitlab-rep-ufob/test-comp-pac-gitlab-qtyrdo:on-pr-9563c74c641ed57d00587689aa7c536c690dd28d", "passed": false, "test_library": { "name": "github.com/redhat-openshift-ecosystem/openshift-preflight", "version": "1.17.2", "commit": "eb87e5b2d67ad110a0afe8edfb16f445e0877c4e" }, "results": { "passed": [ { "name": "HasUniqueTag", "elapsed_time": 0, "description": "Checking if container has a tag other than 'latest', so that the image can be uniquely identified." }, { "name": "LayerCountAcceptable", "elapsed_time": 0, "description": "Checking if container has less than 40 layers. Too many layers within the container images can degrade container performance." }, { "name": "HasNoProhibitedPackages", "elapsed_time": 45, "description": "Checks to ensure that the image in use does not include prohibited packages, such as Red Hat Enterprise Linux (RHEL) kernel packages." }, { "name": "HasRequiredLabel", "elapsed_time": 0, "description": "Checking if the required labels (name, vendor, version, release, summary, description, maintainer) are present in the container metadata" }, { "name": "RunAsNonRoot", "elapsed_time": 0, "description": "Checking if container runs as the root user because a container that does not specify a non-root user will fail the automatic certification, and will be subject to a manual review before the container can be approved for publication" }, { "name": "HasModifiedFiles", "elapsed_time": 8811, "description": "Checks that no files installed via RPM in the base Red Hat layer have been modified" }, { "name": "BasedOnUbi", "elapsed_time": 252, "description": "Checking if the container's base image is based upon the Red Hat Universal Base Image (UBI)" } ], "failed": [ { "name": "HasLicense", "elapsed_time": 0, "description": "Checking if terms and conditions applicable to the software including open source licensing information are present. The license must be at /licenses", "help": "Check HasLicense encountered an error. Please review the preflight.log file for more information.", "suggestion": "Create a directory named /licenses and include all relevant licensing and/or terms and conditions as text file(s) in that directory.", "knowledgebase_url": "https://access.redhat.com/documentation/en-us/red_hat_software_certification/2024/html-single/red_hat_openshift_software_certification_policy_guide/index#assembly-requirements-for-container-images_openshift-sw-cert-policy-introduction", "check_url": "https://access.redhat.com/documentation/en-us/red_hat_software_certification/2024/html-single/red_hat_openshift_software_certification_policy_guide/index#assembly-requirements-for-container-images_openshift-sw-cert-policy-introduction" } ], "errors": [] } } time="2026-05-07T23:49:10Z" level=info msg="Preflight result: FAILED" pod: test-comp-pac-gitlab-qtyrdoa50c093362ea2256704d5cae05ecacee-pod | container step-app-set-outcome: {"result":"FAILURE","timestamp":"1778197750","note":"Task preflight is a FAILURE: Refer to Tekton task logs for more information","successes":7,"failures":1,"warnings":0}[retry] executing: skopeo inspect --raw --retry-times 3 docker://quay.io/redhat-appstudio-qe/gitlab-rep-ufob/test-comp-pac-gitlab-qtyrdo:on-pr-9563c74c641ed57d00587689aa7c536c690dd28d pod: test-comp-pac-gitlab-qtyrdoa50c093362ea2256704d5cae05ecacee-pod | container step-final-outcome: + [[ ! -f /mount/konflux.results.json ]] + tee /tekton/steps/step-final-outcome/results/test-output {"result":"FAILURE","timestamp":"1778197750","note":"Task preflight is a FAILURE: Refer to Tekton task logs for more information","successes":7,"failures":1,"warnings":0} pod: test-comp-pac-gitlab-qtyrdob8e90fb47a3f8c623f1d319d476055b8-pod | init container: prepare 2026/05/07 23:48:25 Entrypoint initialization pod: test-comp-pac-gitlab-qtyrdob8e90fb47a3f8c623f1d319d476055b8-pod | init container: place-scripts 2026/05/07 23:48:25 Decoded script /tekton/scripts/script-0-8sc8m 2026/05/07 23:48:25 Decoded script /tekton/scripts/script-1-m7tr2 2026/05/07 23:48:25 Decoded script /tekton/scripts/script-2-z2qsn 2026/05/07 23:48:25 Decoded script /tekton/scripts/script-3-qwp4p pod: test-comp-pac-gitlab-qtyrdob8e90fb47a3f8c623f1d319d476055b8-pod | container step-get-image-manifests: Inspecting raw image manifest quay.io/redhat-appstudio-qe/gitlab-rep-ufob/test-comp-pac-gitlab-qtyrdo@sha256:2cd90854a489b20448b7b912df0c3d8ff0b5b90a68374c28813ccc12558aab64. pod: test-comp-pac-gitlab-qtyrdob8e90fb47a3f8c623f1d319d476055b8-pod | container step-get-vulnerabilities: Running clair-action on amd64 image manifest... 2026-05-07T23:48:30Z INF matchers created component=libvuln/New matchers=[{"docs":"https://pkg.go.dev/github.com/quay/claircore/rhel","name":"rhel"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/python","name":"python"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/ruby","name":"ruby-gem"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/suse","name":"suse"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/aws","name":"aws-matcher"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/java","name":"java-maven"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/alpine","name":"alpine-matcher"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/oracle","name":"oracle"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/photon","name":"photon"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/rhel/rhcc","name":"rhel-container-matcher"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/debian","name":"debian-matcher"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/gobin","name":"gobin"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/ubuntu","name":"ubuntu-matcher"}] 2026-05-07T23:48:30Z INF libvuln initialized component=libvuln/New 2026-05-07T23:48:30Z INF registered configured scanners component=libindex/New 2026-05-07T23:48:30Z INF NewLayerScanner: constructing a new layer-scanner component=indexer.NewLayerScanner 2026-05-07T23:48:30Z INF index request start component=libindex/Libindex.Index manifest=sha256:2cd90854a489b20448b7b912df0c3d8ff0b5b90a68374c28813ccc12558aab64 2026-05-07T23:48:30Z INF starting scan component=indexer/controller/Controller.Index manifest=sha256:2cd90854a489b20448b7b912df0c3d8ff0b5b90a68374c28813ccc12558aab64 2026-05-07T23:48:30Z INF manifest to be scanned component=indexer/controller/Controller.Index manifest=sha256:2cd90854a489b20448b7b912df0c3d8ff0b5b90a68374c28813ccc12558aab64 state=CheckManifest 2026-05-07T23:48:30Z INF layers fetch start component=indexer/controller/Controller.Index manifest=sha256:2cd90854a489b20448b7b912df0c3d8ff0b5b90a68374c28813ccc12558aab64 state=FetchLayers 2026-05-07T23:48:32Z INF layers fetch success component=indexer/controller/Controller.Index manifest=sha256:2cd90854a489b20448b7b912df0c3d8ff0b5b90a68374c28813ccc12558aab64 state=FetchLayers 2026-05-07T23:48:32Z INF layers fetch done component=indexer/controller/Controller.Index manifest=sha256:2cd90854a489b20448b7b912df0c3d8ff0b5b90a68374c28813ccc12558aab64 state=FetchLayers 2026-05-07T23:48:32Z INF layers scan start component=indexer/controller/Controller.Index manifest=sha256:2cd90854a489b20448b7b912df0c3d8ff0b5b90a68374c28813ccc12558aab64 state=ScanLayers 2026-05-07T23:48:32Z INF found buildinfo Dockerfile component=rhel/rhcc/scanner.Scan kind=package layer=sha256:8dbc54dd3ba8deb60962e0faf1bcd1d23c09867cffbce92e091a1094578f09fc manifest=sha256:2cd90854a489b20448b7b912df0c3d8ff0b5b90a68374c28813ccc12558aab64 path=root/buildinfo/Dockerfile-ubi8-openjdk-17-runtime-1.23-4.1777859697 scanner=rhel_containerscanner state=ScanLayers 2026-05-07T23:48:32Z INF skipping jar component=java/Scanner.Scan file=usr/lib/jvm/java-17-openjdk-17.0.19.0.10-1.el8.x86_64/lib/jrt-fs.jar kind=package layer=sha256:8dbc54dd3ba8deb60962e0faf1bcd1d23c09867cffbce92e091a1094578f09fc manifest=sha256:2cd90854a489b20448b7b912df0c3d8ff0b5b90a68374c28813ccc12558aab64 reason="jar: unidentified jar: jrt-fs.jar" scanner=java state=ScanLayers version=6 2026-05-07T23:48:32Z INF layers scan done component=indexer/controller/Controller.Index manifest=sha256:2cd90854a489b20448b7b912df0c3d8ff0b5b90a68374c28813ccc12558aab64 state=ScanLayers 2026-05-07T23:48:32Z INF starting index manifest component=indexer/controller/Controller.Index manifest=sha256:2cd90854a489b20448b7b912df0c3d8ff0b5b90a68374c28813ccc12558aab64 state=IndexManifest 2026-05-07T23:48:32Z INF finishing scan component=indexer/controller/Controller.Index manifest=sha256:2cd90854a489b20448b7b912df0c3d8ff0b5b90a68374c28813ccc12558aab64 state=IndexFinished 2026-05-07T23:48:32Z INF manifest successfully scanned component=indexer/controller/Controller.Index manifest=sha256:2cd90854a489b20448b7b912df0c3d8ff0b5b90a68374c28813ccc12558aab64 state=IndexFinished 2026-05-07T23:48:32Z INF index request done component=libindex/Libindex.Index manifest=sha256:2cd90854a489b20448b7b912df0c3d8ff0b5b90a68374c28813ccc12558aab64 { "manifest_hash": "sha256:2cd90854a489b20448b7b912df0c3d8ff0b5b90a68374c28813ccc12558aab64", "packages": { "+XM+s3niWaEk1U5jnR5DpA==": { "id": "+XM+s3niWaEk1U5jnR5DpA==", "name": "libyaml", "version": "0.1.7-5.el8", "kind": "binary", "source": { "id": "", "name": "libyaml", "version": "0.1.7-5.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "+Xr7HyTxXf0c8jLaUyo3xA==": { "id": "+Xr7HyTxXf0c8jLaUyo3xA==", "name": "libidn2", "version": "2.2.0-1.el8", "kind": "binary", "source": { "id": "", "name": "libidn2", "version": "2.2.0-1.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "+hvIC0Et/RtHi7EAFCmfEw==": { "id": "+hvIC0Et/RtHi7EAFCmfEw==", "name": "file-libs", "version": "5.33-27.el8_10", "kind": "binary", "source": { "id": "", "name": "file", "version": "5.33-27.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "+qrxjVH7Im8eBfrz4h4P/w==": { "id": "+qrxjVH7Im8eBfrz4h4P/w==", "name": "shadow-utils", "version": "2:4.6-23.el8_10", "kind": "binary", "source": { "id": "", "name": "shadow-utils", "version": "4.6-23.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "1gormAsAjMuks2JveQRd0Q==": { "id": "1gormAsAjMuks2JveQRd0Q==", "name": "gobject-introspection", "version": "1.56.1-1.el8", "kind": "binary", "source": { "id": "", "name": "gobject-introspection", "version": "1.56.1-1.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "22yBCZl99yVP86UHT7jTdw==": { "id": "22yBCZl99yVP86UHT7jTdw==", "name": "tzdata", "version": "2026a-1.el8", "kind": "binary", "source": { "id": "", "name": "tzdata", "version": "2026a-1.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "2gKctomQ2vBMxlyAOjcc7g==": { "id": "2gKctomQ2vBMxlyAOjcc7g==", "name": "sed", "version": "4.5-5.el8_10", "kind": "binary", "source": { "id": "", "name": "sed", "version": "4.5-5.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "3+d+oaGDGj9g2+1RFZjY5A==": { "id": "3+d+oaGDGj9g2+1RFZjY5A==", "name": "gmp", "version": "1:6.1.2-11.el8", "kind": "binary", "source": { "id": "", "name": "gmp", "version": "6.1.2-11.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "3OVNevSm98h4f1fmX4IZwQ==": { "id": "3OVNevSm98h4f1fmX4IZwQ==", "name": "org.example:simple-java-project", "version": "1.0-SNAPSHOT", "kind": "binary", "source": { "id": "", "name": "", "version": "", "normalized_version": "", "cpe": "" }, "normalized_version": "", "cpe": "" }, "3jI2apoRMNGhHa141Q5dlQ==": { "id": "3jI2apoRMNGhHa141Q5dlQ==", "name": "libksba", "version": "1.3.5-9.el8_7", "kind": "binary", "source": { "id": "", "name": "libksba", "version": "1.3.5-9.el8_7", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "3uSX4NgBxQvC8LEk48QoOQ==": { "id": "3uSX4NgBxQvC8LEk48QoOQ==", "name": "cyrus-sasl-lib", "version": "2.1.27-6.el8_5", "kind": "binary", "source": { "id": "", "name": "cyrus-sasl", "version": "2.1.27-6.el8_5", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "45rvgYmy022Tx6fVWfking==": { "id": "45rvgYmy022Tx6fVWfking==", "name": "publicsuffix-list-dafsa", "version": "20180723-1.el8", "kind": "binary", "source": { "id": "", "name": "publicsuffix-list", "version": "20180723-1.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "47OMpR7yEmE4lttsyWq3fw==": { "id": "47OMpR7yEmE4lttsyWq3fw==", "name": "libusbx", "version": "1.0.23-4.el8", "kind": "binary", "source": { "id": "", "name": "libusbx", "version": "1.0.23-4.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "4ZgMXaHDWnwPnqKlcJzEIw==": { "id": "4ZgMXaHDWnwPnqKlcJzEIw==", "name": "krb5-libs", "version": "1.18.2-32.el8_10", "kind": "binary", "source": { "id": "", "name": "krb5", "version": "1.18.2-32.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "4flTdmUV4iK1Ax+LXJm8qQ==": { "id": "4flTdmUV4iK1Ax+LXJm8qQ==", "name": "gnutls", "version": "3.6.16-8.el8_10.5", "kind": "binary", "source": { "id": "", "name": "gnutls", "version": "3.6.16-8.el8_10.5", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "4mBaAtvqw4Xnt3KyHa6xnQ==": { "id": "4mBaAtvqw4Xnt3KyHa6xnQ==", "name": "java-17-openjdk-headless", "version": "1:17.0.19.0.10-1.el8", "kind": "binary", "source": { "id": "", "name": "java-17-openjdk", "version": "17.0.19.0.10-1.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "4sG4bBloak5Sz907ZDRs6Q==": { "id": "4sG4bBloak5Sz907ZDRs6Q==", "name": "libnsl2", "version": "1.2.0-2.20180605git4a062cf.el8", "kind": "binary", "source": { "id": "", "name": "libnsl2", "version": "1.2.0-2.20180605git4a062cf.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "5U8sNbKx0xZsaHcVt4MmxA==": { "id": "5U8sNbKx0xZsaHcVt4MmxA==", "name": "chkconfig", "version": "1.19.2-1.el8", "kind": "binary", "source": { "id": "", "name": "chkconfig", "version": "1.19.2-1.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "67DLnC895xbDFuD3MGhCtQ==": { "id": "67DLnC895xbDFuD3MGhCtQ==", "name": "io.github.stuartwdouglas.hacbs-test.simple:simple-jdk8", "version": "1.2.4", "kind": "binary", "source": { "id": "", "name": "", "version": "", "normalized_version": "", "cpe": "" }, "normalized_version": "", "cpe": "" }, "7eg89eCgA75bJ7WhhN/T4Q==": { "id": "7eg89eCgA75bJ7WhhN/T4Q==", "name": "libtasn1", "version": "4.13-5.el8_10", "kind": "binary", "source": { "id": "", "name": "libtasn1", "version": "4.13-5.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "9uhqFNTCJ7/bpzSlc7qCaQ==": { "id": "9uhqFNTCJ7/bpzSlc7qCaQ==", "name": "libgcrypt", "version": "1.8.5-7.el8_6", "kind": "binary", "source": { "id": "", "name": "libgcrypt", "version": "1.8.5-7.el8_6", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "ACY3djwkey7ZIXbd0V+Giw==": { "id": "ACY3djwkey7ZIXbd0V+Giw==", "name": "nss-sysinit", "version": "3.112.0-8.el8_10", "kind": "binary", "source": { "id": "", "name": "nss", "version": "3.112.0-8.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "AIs6pmCup5N9+6Ag6e2/og==": { "id": "AIs6pmCup5N9+6Ag6e2/og==", "name": "openssl-libs", "version": "1:1.1.1k-15.el8_6", "kind": "binary", "source": { "id": "", "name": "openssl", "version": "1.1.1k-15.el8_6", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "AuC6XQzcU/5tB4luIfjLFg==": { "id": "AuC6XQzcU/5tB4luIfjLFg==", "name": "elfutils-libelf", "version": "0.190-2.el8", "kind": "binary", "source": { "id": "", "name": "elfutils", "version": "0.190-2.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "AziZ1oGI+oDXVPzldKNj+w==": { "id": "AziZ1oGI+oDXVPzldKNj+w==", "name": "openldap", "version": "2.4.46-21.el8_10", "kind": "binary", "source": { "id": "", "name": "openldap", "version": "2.4.46-21.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "BPsD0kkdIoK3KQUZ5DpJjw==": { "id": "BPsD0kkdIoK3KQUZ5DpJjw==", "name": "dbus-libs", "version": "1:1.12.8-27.el8_10", "kind": "binary", "source": { "id": "", "name": "dbus", "version": "1.12.8-27.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "BmK1zIjr5KsuOODCYwxRCw==": { "id": "BmK1zIjr5KsuOODCYwxRCw==", "name": "libpsl", "version": "0.20.2-6.el8", "kind": "binary", "source": { "id": "", "name": "libpsl", "version": "0.20.2-6.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "CP6fmHsRon29d9dGmAC8yQ==": { "id": "CP6fmHsRon29d9dGmAC8yQ==", "name": "nss-softokn", "version": "3.112.0-8.el8_10", "kind": "binary", "source": { "id": "", "name": "nss", "version": "3.112.0-8.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "CbqHQON08ZsUvPS9XDaTFA==": { "id": "CbqHQON08ZsUvPS9XDaTFA==", "name": "rpm", "version": "4.14.3-32.el8_10", "kind": "binary", "source": { "id": "", "name": "rpm", "version": "4.14.3-32.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "Cklbj7Y2kf3vqxqc0m1GHQ==": { "id": "Cklbj7Y2kf3vqxqc0m1GHQ==", "name": "librhsm", "version": "0.0.3-5.el8", "kind": "binary", "source": { "id": "", "name": "librhsm", "version": "0.0.3-5.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "D/ASdBsgxLNlG5Q8U7UPsQ==": { "id": "D/ASdBsgxLNlG5Q8U7UPsQ==", "name": "rootfiles", "version": "8.1-22.el8", "kind": "binary", "source": { "id": "", "name": "rootfiles", "version": "8.1-22.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "D9iJYSwBt2n6JCuuNo2fKg==": { "id": "D9iJYSwBt2n6JCuuNo2fKg==", "name": "audit-libs", "version": "3.1.2-1.el8_10.1", "kind": "binary", "source": { "id": "", "name": "audit", "version": "3.1.2-1.el8_10.1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "DV119Dw0W4RdsbJkdoHU9w==": { "id": "DV119Dw0W4RdsbJkdoHU9w==", "name": "curl", "version": "7.61.1-34.el8_10.11", "kind": "binary", "source": { "id": "", "name": "curl", "version": "7.61.1-34.el8_10.11", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "DgyhtZBcSIlVmY6xC8s1mA==": { "id": "DgyhtZBcSIlVmY6xC8s1mA==", "name": "coreutils-single", "version": "8.30-17.el8_10", "kind": "binary", "source": { "id": "", "name": "coreutils", "version": "8.30-17.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "Dmgfuk4/ZGW2Pjrf3pzOwg==": { "id": "Dmgfuk4/ZGW2Pjrf3pzOwg==", "name": "nss-util", "version": "3.112.0-8.el8_10", "kind": "binary", "source": { "id": "", "name": "nss", "version": "3.112.0-8.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "EiNiLT8ulizCzEWcybhizQ==": { "id": "EiNiLT8ulizCzEWcybhizQ==", "name": "lz4-libs", "version": "1.8.3-5.el8_10", "kind": "binary", "source": { "id": "", "name": "lz4", "version": "1.8.3-5.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "F7AOP7tK5AfUXV1g9iTzFA==": { "id": "F7AOP7tK5AfUXV1g9iTzFA==", "name": "mpfr", "version": "3.1.6-1.el8", "kind": "binary", "source": { "id": "", "name": "mpfr", "version": "3.1.6-1.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "FS5/DAbDsXWURU9onlACPA==": { "id": "FS5/DAbDsXWURU9onlACPA==", "name": "alsa-lib", "version": "1.2.10-2.el8", "kind": "binary", "source": { "id": "", "name": "alsa-lib", "version": "1.2.10-2.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "G+gX+j4AbiCorxKiF1UojA==": { "id": "G+gX+j4AbiCorxKiF1UojA==", "name": "libsolv", "version": "0.7.20-6.el8", "kind": "binary", "source": { "id": "", "name": "libsolv", "version": "0.7.20-6.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "GLKhGblbPbPbtDKwfpCv5A==": { "id": "GLKhGblbPbPbtDKwfpCv5A==", "name": "filesystem", "version": "3.8-6.el8", "kind": "binary", "source": { "id": "", "name": "filesystem", "version": "3.8-6.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "Gg1Q6hponuT1eSJHwaJ83w==": { "id": "Gg1Q6hponuT1eSJHwaJ83w==", "name": "libcap-ng", "version": "0.7.11-1.el8", "kind": "binary", "source": { "id": "", "name": "libcap-ng", "version": "0.7.11-1.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "HMIoZ/TKrKhxI1rD26qmpw==": { "id": "HMIoZ/TKrKhxI1rD26qmpw==", "name": "json-c", "version": "0.13.1-3.el8", "kind": "binary", "source": { "id": "", "name": "json-c", "version": "0.13.1-3.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "IzLcxZDtcvtJR5Gwdq9HDg==": { "id": "IzLcxZDtcvtJR5Gwdq9HDg==", "name": "libattr", "version": "2.4.48-3.el8", "kind": "binary", "source": { "id": "", "name": "attr", "version": "2.4.48-3.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "J34PJ2GThOWZuKVgFIoieA==": { "id": "J34PJ2GThOWZuKVgFIoieA==", "name": "zlib", "version": "1.2.11-25.el8", "kind": "binary", "source": { "id": "", "name": "zlib", "version": "1.2.11-25.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "JNDNKhJbFTSevs7EALfE9A==": { "id": "JNDNKhJbFTSevs7EALfE9A==", "name": "p11-kit", "version": "0.23.22-2.el8", "kind": "binary", "source": { "id": "", "name": "p11-kit", "version": "0.23.22-2.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "KYSXsdsObSOPb3/iOOdbDw==": { "id": "KYSXsdsObSOPb3/iOOdbDw==", "name": "nss-softokn-freebl", "version": "3.112.0-8.el8_10", "kind": "binary", "source": { "id": "", "name": "nss", "version": "3.112.0-8.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "LXiVkIlXLq/usMYIwCTH8Q==": { "id": "LXiVkIlXLq/usMYIwCTH8Q==", "name": "libsmartcols", "version": "2.32.1-48.el8_10", "kind": "binary", "source": { "id": "", "name": "util-linux", "version": "2.32.1-48.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "LkoLKEri5dIAb0vFMkSOag==": { "id": "LkoLKEri5dIAb0vFMkSOag==", "name": "glibc-common", "version": "2.28-251.el8_10.31", "kind": "binary", "source": { "id": "", "name": "glibc", "version": "2.28-251.el8_10.31", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "MA5xnJmwv4AJZhc2768UiA==": { "id": "MA5xnJmwv4AJZhc2768UiA==", "name": "libxml2", "version": "2.9.7-21.el8_10.4", "kind": "binary", "source": { "id": "", "name": "libxml2", "version": "2.9.7-21.el8_10.4", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "N1RbIRo2SyHosQefv+skDw==": { "id": "N1RbIRo2SyHosQefv+skDw==", "name": "gawk", "version": "4.2.1-4.el8", "kind": "binary", "source": { "id": "", "name": "gawk", "version": "4.2.1-4.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "N3ZaMrNJKoumMpaY0smlMQ==": { "id": "N3ZaMrNJKoumMpaY0smlMQ==", "name": "sqlite-libs", "version": "3.26.0-20.el8_10", "kind": "binary", "source": { "id": "", "name": "sqlite", "version": "3.26.0-20.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "N5EuVcX6TPHBo7OPtax5uA==": { "id": "N5EuVcX6TPHBo7OPtax5uA==", "name": "crypto-policies-scripts", "version": "20230731-1.git3177e06.el8", "kind": "binary", "source": { "id": "", "name": "crypto-policies", "version": "20230731-1.git3177e06.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "NJbhst8VIOwst++ZzRP6tA==": { "id": "NJbhst8VIOwst++ZzRP6tA==", "name": "libpeas", "version": "1.22.0-6.el8", "kind": "binary", "source": { "id": "", "name": "libpeas", "version": "1.22.0-6.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "NguWV8S6YQYvQsGQDJm2Rg==": { "id": "NguWV8S6YQYvQsGQDJm2Rg==", "name": "ncurses-base", "version": "6.1-10.20180224.el8", "kind": "binary", "source": { "id": "", "name": "ncurses", "version": "6.1-10.20180224.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "NsvPyDc//39XTuXcn3j2uQ==": { "id": "NsvPyDc//39XTuXcn3j2uQ==", "name": "gdbm", "version": "1:1.18-2.el8", "kind": "binary", "source": { "id": "", "name": "gdbm", "version": "1.18-2.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "ORsDK2A5479NPB0r01PoXQ==": { "id": "ORsDK2A5479NPB0r01PoXQ==", "name": "libcurl", "version": "7.61.1-34.el8_10.11", "kind": "binary", "source": { "id": "", "name": "curl", "version": "7.61.1-34.el8_10.11", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "P5Se4zJpr8ZUwZNUojfuzA==": { "id": "P5Se4zJpr8ZUwZNUojfuzA==", "name": "libxcrypt", "version": "4.1.1-6.el8", "kind": "binary", "source": { "id": "", "name": "libxcrypt", "version": "4.1.1-6.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "P5UTXxqhA6R98OWY7h85rQ==": { "id": "P5UTXxqhA6R98OWY7h85rQ==", "name": "libarchive", "version": "3.3.3-7.el8_10", "kind": "binary", "source": { "id": "", "name": "libarchive", "version": "3.3.3-7.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "PYGQE1Mr52aqIP4tEB4VSw==": { "id": "PYGQE1Mr52aqIP4tEB4VSw==", "name": "nss", "version": "3.112.0-8.el8_10", "kind": "binary", "source": { "id": "", "name": "nss", "version": "3.112.0-8.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "Q0uPb/t/3IQ8GEwlv/J3Cw==": { "id": "Q0uPb/t/3IQ8GEwlv/J3Cw==", "name": "libmount", "version": "2.32.1-48.el8_10", "kind": "binary", "source": { "id": "", "name": "util-linux", "version": "2.32.1-48.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "QC6e3OaV78mjs678tGU2KQ==": { "id": "QC6e3OaV78mjs678tGU2KQ==", "name": "libssh", "version": "0.9.6-16.el8_10", "kind": "binary", "source": { "id": "", "name": "libssh", "version": "0.9.6-16.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "QXEDMSZisv5SUXtJo7Fs5g==": { "id": "QXEDMSZisv5SUXtJo7Fs5g==", "name": "gpgme", "version": "1.13.1-12.el8", "kind": "binary", "source": { "id": "", "name": "gpgme", "version": "1.13.1-12.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "RKXYZTbYgViwzC05uqeDSg==": { "id": "RKXYZTbYgViwzC05uqeDSg==", "name": "io.github.stuartwdouglas.hacbs-test.simple:simple-jdk17", "version": "0.1.2", "kind": "binary", "source": { "id": "", "name": "", "version": "", "normalized_version": "", "cpe": "" }, "normalized_version": "", "cpe": "" }, "RRWuvyUdhwGbBo2a/Ra1hw==": { "id": "RRWuvyUdhwGbBo2a/Ra1hw==", "name": "libselinux", "version": "2.9-11.el8_10", "kind": "binary", "source": { "id": "", "name": "libselinux", "version": "2.9-11.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "RtrzwDgrQgu9S5B72s2sww==": { "id": "RtrzwDgrQgu9S5B72s2sww==", "name": "libunistring", "version": "0.9.9-3.el8", "kind": "binary", "source": { "id": "", "name": "libunistring", "version": "0.9.9-3.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "TARQvmsLVC/S1fQD1jO4Xw==": { "id": "TARQvmsLVC/S1fQD1jO4Xw==", "name": "gdbm-libs", "version": "1:1.18-2.el8", "kind": "binary", "source": { "id": "", "name": "gdbm", "version": "1.18-2.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "U3ZkYu9FoEzQITrVBlQtLA==": { "id": "U3ZkYu9FoEzQITrVBlQtLA==", "name": "glibc", "version": "2.28-251.el8_10.31", "kind": "binary", "source": { "id": "", "name": "glibc", "version": "2.28-251.el8_10.31", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "USWNn71p+k059dbiu5HDEA==": { "id": "USWNn71p+k059dbiu5HDEA==", "name": "libassuan", "version": "2.5.1-3.el8", "kind": "binary", "source": { "id": "", "name": "libassuan", "version": "2.5.1-3.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "UUZyda9G/ffvF6rJ5W1UnQ==": { "id": "UUZyda9G/ffvF6rJ5W1UnQ==", "name": "libstdc++", "version": "8.5.0-28.el8_10", "kind": "binary", "source": { "id": "", "name": "gcc", "version": "8.5.0-28.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "Vax934M9zGbzjdT3Y/XU9w==": { "id": "Vax934M9zGbzjdT3Y/XU9w==", "name": "glibc-minimal-langpack", "version": "2.28-251.el8_10.31", "kind": "binary", "source": { "id": "", "name": "glibc", "version": "2.28-251.el8_10.31", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "VrCmPwuY69qW5jl9ctxOZg==": { "id": "VrCmPwuY69qW5jl9ctxOZg==", "name": "libtirpc", "version": "1.1.4-12.el8_10", "kind": "binary", "source": { "id": "", "name": "libtirpc", "version": "1.1.4-12.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "W66WOQ3v6r7mSn6+o7gaew==": { "id": "W66WOQ3v6r7mSn6+o7gaew==", "name": "popt", "version": "1.18-1.el8", "kind": "binary", "source": { "id": "", "name": "popt", "version": "1.18-1.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "YjDcGmvP0/z8VqRiUvkhOQ==": { "id": "YjDcGmvP0/z8VqRiUvkhOQ==", "name": "gnupg2", "version": "2.2.20-4.el8_10", "kind": "binary", "source": { "id": "", "name": "gnupg2", "version": "2.2.20-4.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "Za0y7YiKRidyIBZNIzq/Ng==": { "id": "Za0y7YiKRidyIBZNIzq/Ng==", "name": "librepo", "version": "1.14.2-5.el8", "kind": "binary", "source": { "id": "", "name": "librepo", "version": "1.14.2-5.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "ar0do80Wlk1FaVvtx66g6Q==": { "id": "ar0do80Wlk1FaVvtx66g6Q==", "name": "brotli", "version": "1.0.6-4.el8_10", "kind": "binary", "source": { "id": "", "name": "brotli", "version": "1.0.6-4.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "auI8KtI6OozP7EAIr9UlQQ==": { "id": "auI8KtI6OozP7EAIr9UlQQ==", "name": "pcre2", "version": "10.32-3.el8_6", "kind": "binary", "source": { "id": "", "name": "pcre2", "version": "10.32-3.el8_6", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "bWUdPEYmtshwdmuX5VapfQ==": { "id": "bWUdPEYmtshwdmuX5VapfQ==", "name": "libblkid", "version": "2.32.1-48.el8_10", "kind": "binary", "source": { "id": "", "name": "util-linux", "version": "2.32.1-48.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "bmxL3lydQy0yU8g1iBgovg==": { "id": "bmxL3lydQy0yU8g1iBgovg==", "name": "libsepol", "version": "2.9-3.el8", "kind": "binary", "source": { "id": "", "name": "libsepol", "version": "2.9-3.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "cXCMP7NdkMDf1+Rb1IEktQ==": { "id": "cXCMP7NdkMDf1+Rb1IEktQ==", "name": "libsemanage", "version": "2.9-12.el8_10", "kind": "binary", "source": { "id": "", "name": "libsemanage", "version": "2.9-12.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "dOBT1Qffq44NOVuk9chDyg==": { "id": "dOBT1Qffq44NOVuk9chDyg==", "name": "readline", "version": "7.0-10.el8", "kind": "binary", "source": { "id": "", "name": "readline", "version": "7.0-10.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "dOwQwVL1NxmF6ouACZklrQ==": { "id": "dOwQwVL1NxmF6ouACZklrQ==", "name": "p11-kit-trust", "version": "0.23.22-2.el8", "kind": "binary", "source": { "id": "", "name": "p11-kit", "version": "0.23.22-2.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "dSjxsaDISLUiFwRTCSO8Tg==": { "id": "dSjxsaDISLUiFwRTCSO8Tg==", "name": "crypto-policies", "version": "20230731-1.git3177e06.el8", "kind": "binary", "source": { "id": "", "name": "crypto-policies", "version": "20230731-1.git3177e06.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "dtGaxafuhIU1Ppty914fJw==": { "id": "dtGaxafuhIU1Ppty914fJw==", "name": "nspr", "version": "4.36.0-2.el8_10", "kind": "binary", "source": { "id": "", "name": "nspr", "version": "4.36.0-2.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "eZ7CwFvwDCQu4vzKyuIZgA==": { "id": "eZ7CwFvwDCQu4vzKyuIZgA==", "name": "basesystem", "version": "11-5.el8", "kind": "binary", "source": { "id": "", "name": "basesystem", "version": "11-5.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "f/Al/eNlUhjEgKSV0J2z7w==": { "id": "f/Al/eNlUhjEgKSV0J2z7w==", "name": "python3-pip-wheel", "version": "9.0.3-24.el8", "kind": "binary", "source": { "id": "", "name": "python-pip", "version": "9.0.3-24.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "f1lteJj1IxLDbDb+BI8yjg==": { "id": "f1lteJj1IxLDbDb+BI8yjg==", "name": "ca-certificates", "version": "2025.2.80_v9.0.304-80.2.el8_10", "kind": "binary", "source": { "id": "", "name": "ca-certificates", "version": "2025.2.80_v9.0.304-80.2.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "g146nKetkX1f4hfH1b5RWA==": { "id": "g146nKetkX1f4hfH1b5RWA==", "name": "libdb", "version": "5.3.28-42.el8_4", "kind": "binary", "source": { "id": "", "name": "libdb", "version": "5.3.28-42.el8_4", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "gMqsUnRclTj6iuxHCslNRA==": { "id": "gMqsUnRclTj6iuxHCslNRA==", "name": "libdnf", "version": "0.63.0-21.el8_10", "kind": "binary", "source": { "id": "", "name": "libdnf", "version": "0.63.0-21.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "gOaN4treTmKK7tU+N6AZ1w==": { "id": "gOaN4treTmKK7tU+N6AZ1w==", "name": "pcre", "version": "8.42-6.el8", "kind": "binary", "source": { "id": "", "name": "pcre", "version": "8.42-6.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "gtbMsmX05ZWh+bkM1Wprlw==": { "id": "gtbMsmX05ZWh+bkM1Wprlw==", "name": "bash", "version": "4.4.20-6.el8_10", "kind": "binary", "source": { "id": "", "name": "bash", "version": "4.4.20-6.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "h53SWWmMQUh4cLyBmYeNvw==": { "id": "h53SWWmMQUh4cLyBmYeNvw==", "name": "avahi-libs", "version": "0.7-27.el8_10.1", "kind": "binary", "source": { "id": "", "name": "avahi", "version": "0.7-27.el8_10.1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "hSTTMcRX1DBcXc+8jKeg3Q==": { "id": "hSTTMcRX1DBcXc+8jKeg3Q==", "name": "libgcc", "version": "8.5.0-28.el8_10", "kind": "binary", "source": { "id": "", "name": "gcc", "version": "8.5.0-28.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "hcJqCsCpWm+XI9JT6ImS5g==": { "id": "hcJqCsCpWm+XI9JT6ImS5g==", "name": "nettle", "version": "3.4.1-7.el8", "kind": "binary", "source": { "id": "", "name": "nettle", "version": "3.4.1-7.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "iKjky3d+XDnwdlXfvLvp/A==": { "id": "iKjky3d+XDnwdlXfvLvp/A==", "name": "python3-libs", "version": "3.6.8-76.el8_10", "kind": "binary", "source": { "id": "", "name": "python3", "version": "3.6.8-76.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "isPl2YxnCTfcLmUYH6Q0sA==": { "id": "isPl2YxnCTfcLmUYH6Q0sA==", "name": "libuuid", "version": "2.32.1-48.el8_10", "kind": "binary", "source": { "id": "", "name": "util-linux", "version": "2.32.1-48.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "j5YRt82iOHry4ndSyCLgaA==": { "id": "j5YRt82iOHry4ndSyCLgaA==", "name": "cups-libs", "version": "1:2.2.6-67.el8_10", "kind": "binary", "source": { "id": "", "name": "cups", "version": "2.2.6-67.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "jmNxyfDM4IV/F4mrfNTfyg==": { "id": "jmNxyfDM4IV/F4mrfNTfyg==", "name": "setup", "version": "2.12.2-9.el8", "kind": "binary", "source": { "id": "", "name": "setup", "version": "2.12.2-9.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "jtdCxL/eH5JTPcKstKunJg==": { "id": "jtdCxL/eH5JTPcKstKunJg==", "name": "grep", "version": "3.1-6.el8", "kind": "binary", "source": { "id": "", "name": "grep", "version": "3.1-6.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "k/BpvWmZ5EVfmiPqpZ3pGw==": { "id": "k/BpvWmZ5EVfmiPqpZ3pGw==", "name": "expat", "version": "2.5.0-1.el8_10", "kind": "binary", "source": { "id": "", "name": "expat", "version": "2.5.0-1.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "k4gCNgIfg7MM/e42ThRx2w==": { "id": "k4gCNgIfg7MM/e42ThRx2w==", "name": "libzstd", "version": "1.4.4-1.el8", "kind": "binary", "source": { "id": "", "name": "zstd", "version": "1.4.4-1.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "kup9SZcgg13wnbXIW3GyJA==": { "id": "kup9SZcgg13wnbXIW3GyJA==", "name": "openjdk-17-runtime-ubi8-container", "version": "1.23-4.1777859697", "kind": "source", "source": { "id": "", "name": "", "version": "", "normalized_version": "", "cpe": "" }, "normalized_version": "rhctag:1.23.0.0.0.0.0.0.0.0", "arch": "x86_64", "cpe": "" }, "kwc9NYOQig+qWs5qmBRL/w==": { "id": "kwc9NYOQig+qWs5qmBRL/w==", "name": "ncurses-libs", "version": "6.1-10.20180224.el8", "kind": "binary", "source": { "id": "", "name": "ncurses", "version": "6.1-10.20180224.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "lEFbOzBTlWwCqC/ZbjJfgQ==": { "id": "lEFbOzBTlWwCqC/ZbjJfgQ==", "name": "python3-setuptools-wheel", "version": "39.2.0-9.el8_10", "kind": "binary", "source": { "id": "", "name": "python-setuptools", "version": "39.2.0-9.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "lU0MYRg2dg5wynl2dMGsgA==": { "id": "lU0MYRg2dg5wynl2dMGsgA==", "name": "xz-libs", "version": "5.2.4-4.el8_6", "kind": "binary", "source": { "id": "", "name": "xz", "version": "5.2.4-4.el8_6", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "mAmp7BtGrfzV0HnAKw9sTw==": { "id": "mAmp7BtGrfzV0HnAKw9sTw==", "name": "libsigsegv", "version": "2.11-5.el8", "kind": "binary", "source": { "id": "", "name": "libsigsegv", "version": "2.11-5.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "mLwCNKs2wEtLWAiibtR4BQ==": { "id": "mLwCNKs2wEtLWAiibtR4BQ==", "name": "microdnf", "version": "3.8.0-2.el8", "kind": "binary", "source": { "id": "", "name": "microdnf", "version": "3.8.0-2.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "mkpeQMTn6iNiF+ShBe+oZg==": { "id": "mkpeQMTn6iNiF+ShBe+oZg==", "name": "libverto", "version": "0.3.2-2.el8", "kind": "binary", "source": { "id": "", "name": "libverto", "version": "0.3.2-2.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "mtrWxjnWyzrIFOuHVeUG6g==": { "id": "mtrWxjnWyzrIFOuHVeUG6g==", "name": "tar", "version": "2:1.30-11.el8_10", "kind": "binary", "source": { "id": "", "name": "tar", "version": "1.30-11.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "nDtLoMnkuhspYDn7NZEcjw==": { "id": "nDtLoMnkuhspYDn7NZEcjw==", "name": "findutils", "version": "1:4.6.0-24.el8_10", "kind": "binary", "source": { "id": "", "name": "findutils", "version": "4.6.0-24.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "o4v1nyEgxKUJdf78CSzLEg==": { "id": "o4v1nyEgxKUJdf78CSzLEg==", "name": "libgpg-error", "version": "1.31-1.el8", "kind": "binary", "source": { "id": "", "name": "libgpg-error", "version": "1.31-1.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "oPxhGBL0xk+N4XwwxvflAQ==": { "id": "oPxhGBL0xk+N4XwwxvflAQ==", "name": "redhat-release", "version": "8.10-0.3.el8", "kind": "binary", "source": { "id": "", "name": "redhat-release", "version": "8.10-0.3.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "oSDtB9GflLljTYeOAikyIQ==": { "id": "oSDtB9GflLljTYeOAikyIQ==", "name": "glib2", "version": "2.56.4-168.el8_10", "kind": "binary", "source": { "id": "", "name": "glib2", "version": "2.56.4-168.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "oUYls//IDfQ4QSLGKlUoZg==": { "id": "oUYls//IDfQ4QSLGKlUoZg==", "name": "systemd-libs", "version": "239-82.el8_10.16", "kind": "binary", "source": { "id": "", "name": "systemd", "version": "239-82.el8_10.16", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "p9tXHgTBVU/b3sTnwfubzg==": { "id": "p9tXHgTBVU/b3sTnwfubzg==", "name": "libdb-utils", "version": "5.3.28-42.el8_4", "kind": "binary", "source": { "id": "", "name": "libdb", "version": "5.3.28-42.el8_4", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "pY2NT/GP1UxyOuAl2rKgCw==": { "id": "pY2NT/GP1UxyOuAl2rKgCw==", "name": "npth", "version": "1.5-4.el8", "kind": "binary", "source": { "id": "", "name": "npth", "version": "1.5-4.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "peUaHHW4E9Y6Nd8+gJR5cQ==": { "id": "peUaHHW4E9Y6Nd8+gJR5cQ==", "name": "libssh-config", "version": "0.9.6-16.el8_10", "kind": "binary", "source": { "id": "", "name": "libssh", "version": "0.9.6-16.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "pp9zZ0tBoevZ/s15eFRL8g==": { "id": "pp9zZ0tBoevZ/s15eFRL8g==", "name": "libacl", "version": "2.2.53-3.el8", "kind": "binary", "source": { "id": "", "name": "acl", "version": "2.2.53-3.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "q4X/5GGPJSNoqWY61ewdVA==": { "id": "q4X/5GGPJSNoqWY61ewdVA==", "name": "tzdata-java", "version": "2026a-1.el8", "kind": "binary", "source": { "id": "", "name": "tzdata", "version": "2026a-1.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "qdszmGofYYLyezIthPq1jw==": { "id": "qdszmGofYYLyezIthPq1jw==", "name": "ubi8/openjdk-17-runtime", "version": "1.23-4.1777859697", "kind": "binary", "source": { "id": "kup9SZcgg13wnbXIW3GyJA==", "name": "openjdk-17-runtime-ubi8-container", "version": "1.23-4.1777859697", "kind": "source", "source": { "id": "", "name": "", "version": "", "normalized_version": "", "cpe": "" }, "normalized_version": "rhctag:1.23.0.0.0.0.0.0.0.0", "arch": "x86_64", "cpe": "" }, "normalized_version": "rhctag:1.23.0.0.0.0.0.0.0.0", "arch": "x86_64", "cpe": "" }, "r23nOnTJvuvXzj0P21ldlw==": { "id": "r23nOnTJvuvXzj0P21ldlw==", "name": "rpm-libs", "version": "4.14.3-32.el8_10", "kind": "binary", "source": { "id": "", "name": "rpm", "version": "4.14.3-32.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "rFsA2fU/SFo3JGOkxRURTQ==": { "id": "rFsA2fU/SFo3JGOkxRURTQ==", "name": "keyutils-libs", "version": "1.5.10-9.el8", "kind": "binary", "source": { "id": "", "name": "keyutils", "version": "1.5.10-9.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "sMrsZHOrW8FfprPHZo6Jww==": { "id": "sMrsZHOrW8FfprPHZo6Jww==", "name": "libmodulemd", "version": "2.13.0-1.el8", "kind": "binary", "source": { "id": "", "name": "libmodulemd", "version": "2.13.0-1.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "sUhkiUesE2DHTU1IF7t+tw==": { "id": "sUhkiUesE2DHTU1IF7t+tw==", "name": "platform-python-setuptools", "version": "39.2.0-9.el8_10", "kind": "binary", "source": { "id": "", "name": "python-setuptools", "version": "39.2.0-9.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "trIX86+UkjuJsaeYfHvnYw==": { "id": "trIX86+UkjuJsaeYfHvnYw==", "name": "libnghttp2", "version": "1.33.0-6.el8_10.2", "kind": "binary", "source": { "id": "", "name": "nghttp2", "version": "1.33.0-6.el8_10.2", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "u25cfo+Wn6RpzVY/kgcoGQ==": { "id": "u25cfo+Wn6RpzVY/kgcoGQ==", "name": "lksctp-tools", "version": "1.0.18-3.el8", "kind": "binary", "source": { "id": "", "name": "lksctp-tools", "version": "1.0.18-3.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "uAJuv5cA4XPhcDfjrdFI9w==": { "id": "uAJuv5cA4XPhcDfjrdFI9w==", "name": "javapackages-filesystem", "version": "5.3.0-1.module+el8+2447+6f56d9a6", "kind": "binary", "source": { "id": "", "name": "javapackages-tools", "version": "5.3.0-1.module+el8+2447+6f56d9a6", "kind": "source", "normalized_version": "", "module": "javapackages-runtime:201801", "cpe": "" }, "normalized_version": "", "module": "javapackages-runtime:201801", "arch": "noarch", "cpe": "" }, "uCw7c1p0VzVV36rFL2/j4Q==": { "id": "uCw7c1p0VzVV36rFL2/j4Q==", "name": "bzip2-libs", "version": "1.0.6-28.el8_10", "kind": "binary", "source": { "id": "", "name": "bzip2", "version": "1.0.6-28.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "v/KoDsdxOHqLHd7du8yyWQ==": { "id": "v/KoDsdxOHqLHd7du8yyWQ==", "name": "lua-libs", "version": "5.3.4-12.el8", "kind": "binary", "source": { "id": "", "name": "lua", "version": "5.3.4-12.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "wQNSAAyfpn1pixah4j5PmA==": { "id": "wQNSAAyfpn1pixah4j5PmA==", "name": "platform-python", "version": "3.6.8-76.el8_10", "kind": "binary", "source": { "id": "", "name": "python3", "version": "3.6.8-76.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "wQToP4WURQ4/A8LQU1k5kA==": { "id": "wQToP4WURQ4/A8LQU1k5kA==", "name": "langpacks-en", "version": "1.0-12.el8", "kind": "binary", "source": { "id": "", "name": "langpacks", "version": "1.0-12.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "wiX2z3C4urSDsP+bIajgNg==": { "id": "wiX2z3C4urSDsP+bIajgNg==", "name": "io.github.stuartwdouglas.hacbs-test.shaded:shaded-jdk11", "version": "1.9", "kind": "binary", "source": { "id": "", "name": "", "version": "", "normalized_version": "", "cpe": "" }, "normalized_version": "", "cpe": "" }, "wpJmhjYJz5TYuh0mbRPs4Q==": { "id": "wpJmhjYJz5TYuh0mbRPs4Q==", "name": "info", "version": "6.5-7.el8", "kind": "binary", "source": { "id": "", "name": "texinfo", "version": "6.5-7.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "xDLbw0lNdZ2pSj9R8k9t6A==": { "id": "xDLbw0lNdZ2pSj9R8k9t6A==", "name": "copy-jdk-configs", "version": "4.0-2.el8", "kind": "binary", "source": { "id": "", "name": "copy-jdk-configs", "version": "4.0-2.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "xTF9l16G3x26txeCsO9Bug==": { "id": "xTF9l16G3x26txeCsO9Bug==", "name": "json-glib", "version": "1.4.4-1.el8", "kind": "binary", "source": { "id": "", "name": "json-glib", "version": "1.4.4-1.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "xY/gcEds28iVWCynxOCw9g==": { "id": "xY/gcEds28iVWCynxOCw9g==", "name": "libcom_err", "version": "1.45.6-7.el8_10", "kind": "binary", "source": { "id": "", "name": "e2fsprogs", "version": "1.45.6-7.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "xvIYCTeML23osZxD1kFItQ==": { "id": "xvIYCTeML23osZxD1kFItQ==", "name": "lua", "version": "5.3.4-12.el8", "kind": "binary", "source": { "id": "", "name": "lua", "version": "5.3.4-12.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "zAReYdYoHUkp8wr8i3SW2g==": { "id": "zAReYdYoHUkp8wr8i3SW2g==", "name": "libffi", "version": "3.1-24.el8", "kind": "binary", "source": { "id": "", "name": "libffi", "version": "3.1-24.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "zdqdBY2jg/Zs374g8Ylc6g==": { "id": "zdqdBY2jg/Zs374g8Ylc6g==", "name": "libcap", "version": "2.48-6.el8_10.1", "kind": "binary", "source": { "id": "", "name": "libcap", "version": "2.48-6.el8_10.1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" } }, "distributions": { "ce03cd51-de99-4601-bdf1-a5210749c9ff": { "id": "ce03cd51-de99-4601-bdf1-a5210749c9ff", "did": "rhel", "name": "Red Hat Enterprise Linux Server", "version": "8", "version_code_name": "", "version_id": "8", "arch": "", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "pretty_name": "Red Hat Enterprise Linux Server 8" } }, "repository": { "530ba96a-bc29-49e0-be1f-43cde55828e5": { "id": "530ba96a-bc29-49e0-be1f-43cde55828e5", "name": "cpe:/o:redhat:enterprise_linux:8::baseos", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*" }, "7f7e0681-2ce5-4840-b11c-103ed273588f": { "id": "7f7e0681-2ce5-4840-b11c-103ed273588f", "name": "Red Hat Container Catalog", "uri": "https://catalog.redhat.com/software/containers/explore", "cpe": "" }, "ac74a291-0c9c-4088-b4a6-dcee240190f1": { "id": "ac74a291-0c9c-4088-b4a6-dcee240190f1", "name": "cpe:/a:redhat:enterprise_linux:8::appstream", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*" }, "b2bc39b2-8161-4b0e-8b0b-549f7dee4b54": { "id": "b2bc39b2-8161-4b0e-8b0b-549f7dee4b54", "name": "maven", "uri": "https://repo1.maven.apache.org/maven2", "cpe": "" }, "e5eec09a-ace7-4aae-81b7-3a227580d7a8": { "id": "e5eec09a-ace7-4aae-81b7-3a227580d7a8", "name": "cpe:/a:redhat:enterprise_linux:8::appstream", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*" }, "f40841b9-ddbb-4d5e-a143-16a34310963e": { "id": "f40841b9-ddbb-4d5e-a143-16a34310963e", "name": "cpe:/o:redhat:enterprise_linux:8::baseos", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*" } }, "environments": { "+XM+s3niWaEk1U5jnR5DpA==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "ce03cd51-de99-4601-bdf1-a5210749c9ff", "repository_ids": [ "ac74a291-0c9c-4088-b4a6-dcee240190f1", "f40841b9-ddbb-4d5e-a143-16a34310963e" ] } ], "+Xr7HyTxXf0c8jLaUyo3xA==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "ce03cd51-de99-4601-bdf1-a5210749c9ff", "repository_ids": [ "ac74a291-0c9c-4088-b4a6-dcee240190f1", "f40841b9-ddbb-4d5e-a143-16a34310963e" ] } ], "+hvIC0Et/RtHi7EAFCmfEw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "ce03cd51-de99-4601-bdf1-a5210749c9ff", "repository_ids": [ "ac74a291-0c9c-4088-b4a6-dcee240190f1", "f40841b9-ddbb-4d5e-a143-16a34310963e" ] } ], "+qrxjVH7Im8eBfrz4h4P/w==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:8dbc54dd3ba8deb60962e0faf1bcd1d23c09867cffbce92e091a1094578f09fc", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:8dbc54dd3ba8deb60962e0faf1bcd1d23c09867cffbce92e091a1094578f09fc", "distribution_id": "ce03cd51-de99-4601-bdf1-a5210749c9ff", "repository_ids": [ "530ba96a-bc29-49e0-be1f-43cde55828e5", "e5eec09a-ace7-4aae-81b7-3a227580d7a8" ] } ], "1gormAsAjMuks2JveQRd0Q==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "ce03cd51-de99-4601-bdf1-a5210749c9ff", "repository_ids": [ "ac74a291-0c9c-4088-b4a6-dcee240190f1", "f40841b9-ddbb-4d5e-a143-16a34310963e" ] } ], "22yBCZl99yVP86UHT7jTdw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "ce03cd51-de99-4601-bdf1-a5210749c9ff", "repository_ids": [ "ac74a291-0c9c-4088-b4a6-dcee240190f1", "f40841b9-ddbb-4d5e-a143-16a34310963e" ] } ], "2gKctomQ2vBMxlyAOjcc7g==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "ce03cd51-de99-4601-bdf1-a5210749c9ff", "repository_ids": [ "ac74a291-0c9c-4088-b4a6-dcee240190f1", "f40841b9-ddbb-4d5e-a143-16a34310963e" ] } ], "3+d+oaGDGj9g2+1RFZjY5A==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "ce03cd51-de99-4601-bdf1-a5210749c9ff", "repository_ids": [ "ac74a291-0c9c-4088-b4a6-dcee240190f1", "f40841b9-ddbb-4d5e-a143-16a34310963e" ] } ], "3OVNevSm98h4f1fmX4IZwQ==": [ { "package_db": "maven:deployments/hacbs-test.jar", "introduced_in": "sha256:d031cc16aea3b64aacb2a7708ab1848cb043522f43a5b870f4da927b19c2d4ce", "distribution_id": "", "repository_ids": [ "b2bc39b2-8161-4b0e-8b0b-549f7dee4b54" ] } ], "3jI2apoRMNGhHa141Q5dlQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "ce03cd51-de99-4601-bdf1-a5210749c9ff", "repository_ids": [ "ac74a291-0c9c-4088-b4a6-dcee240190f1", "f40841b9-ddbb-4d5e-a143-16a34310963e" ] } ], "3uSX4NgBxQvC8LEk48QoOQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "ce03cd51-de99-4601-bdf1-a5210749c9ff", "repository_ids": [ "ac74a291-0c9c-4088-b4a6-dcee240190f1", "f40841b9-ddbb-4d5e-a143-16a34310963e" ] } ], "45rvgYmy022Tx6fVWfking==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "ce03cd51-de99-4601-bdf1-a5210749c9ff", "repository_ids": [ "ac74a291-0c9c-4088-b4a6-dcee240190f1", "f40841b9-ddbb-4d5e-a143-16a34310963e" ] } ], "47OMpR7yEmE4lttsyWq3fw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "ce03cd51-de99-4601-bdf1-a5210749c9ff", "repository_ids": [ "ac74a291-0c9c-4088-b4a6-dcee240190f1", "f40841b9-ddbb-4d5e-a143-16a34310963e" ] } ], "4ZgMXaHDWnwPnqKlcJzEIw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "ce03cd51-de99-4601-bdf1-a5210749c9ff", "repository_ids": [ "ac74a291-0c9c-4088-b4a6-dcee240190f1", "f40841b9-ddbb-4d5e-a143-16a34310963e" ] } ], "4flTdmUV4iK1Ax+LXJm8qQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "ce03cd51-de99-4601-bdf1-a5210749c9ff", "repository_ids": [ "ac74a291-0c9c-4088-b4a6-dcee240190f1", "f40841b9-ddbb-4d5e-a143-16a34310963e" ] } ], "4mBaAtvqw4Xnt3KyHa6xnQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:8dbc54dd3ba8deb60962e0faf1bcd1d23c09867cffbce92e091a1094578f09fc", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:8dbc54dd3ba8deb60962e0faf1bcd1d23c09867cffbce92e091a1094578f09fc", "distribution_id": "ce03cd51-de99-4601-bdf1-a5210749c9ff", "repository_ids": [ "530ba96a-bc29-49e0-be1f-43cde55828e5", "e5eec09a-ace7-4aae-81b7-3a227580d7a8" ] } ], "4sG4bBloak5Sz907ZDRs6Q==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:8dbc54dd3ba8deb60962e0faf1bcd1d23c09867cffbce92e091a1094578f09fc", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:8dbc54dd3ba8deb60962e0faf1bcd1d23c09867cffbce92e091a1094578f09fc", "distribution_id": "ce03cd51-de99-4601-bdf1-a5210749c9ff", "repository_ids": [ "530ba96a-bc29-49e0-be1f-43cde55828e5", "e5eec09a-ace7-4aae-81b7-3a227580d7a8" ] } ], "5U8sNbKx0xZsaHcVt4MmxA==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "ce03cd51-de99-4601-bdf1-a5210749c9ff", "repository_ids": [ "ac74a291-0c9c-4088-b4a6-dcee240190f1", "f40841b9-ddbb-4d5e-a143-16a34310963e" ] } ], "67DLnC895xbDFuD3MGhCtQ==": [ { "package_db": "maven:deployments/hacbs-test.jar", "introduced_in": "sha256:d031cc16aea3b64aacb2a7708ab1848cb043522f43a5b870f4da927b19c2d4ce", "distribution_id": "", "repository_ids": [ "b2bc39b2-8161-4b0e-8b0b-549f7dee4b54" ] } ], "7eg89eCgA75bJ7WhhN/T4Q==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "ce03cd51-de99-4601-bdf1-a5210749c9ff", "repository_ids": [ "ac74a291-0c9c-4088-b4a6-dcee240190f1", "f40841b9-ddbb-4d5e-a143-16a34310963e" ] } ], "9uhqFNTCJ7/bpzSlc7qCaQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "ce03cd51-de99-4601-bdf1-a5210749c9ff", "repository_ids": [ "ac74a291-0c9c-4088-b4a6-dcee240190f1", "f40841b9-ddbb-4d5e-a143-16a34310963e" ] } ], "ACY3djwkey7ZIXbd0V+Giw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:8dbc54dd3ba8deb60962e0faf1bcd1d23c09867cffbce92e091a1094578f09fc", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:8dbc54dd3ba8deb60962e0faf1bcd1d23c09867cffbce92e091a1094578f09fc", "distribution_id": "ce03cd51-de99-4601-bdf1-a5210749c9ff", "repository_ids": [ "530ba96a-bc29-49e0-be1f-43cde55828e5", "e5eec09a-ace7-4aae-81b7-3a227580d7a8" ] } ], "AIs6pmCup5N9+6Ag6e2/og==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "ce03cd51-de99-4601-bdf1-a5210749c9ff", "repository_ids": [ "ac74a291-0c9c-4088-b4a6-dcee240190f1", "f40841b9-ddbb-4d5e-a143-16a34310963e" ] } ], "AuC6XQzcU/5tB4luIfjLFg==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "ce03cd51-de99-4601-bdf1-a5210749c9ff", "repository_ids": [ "ac74a291-0c9c-4088-b4a6-dcee240190f1", "f40841b9-ddbb-4d5e-a143-16a34310963e" ] } ], "AziZ1oGI+oDXVPzldKNj+w==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "ce03cd51-de99-4601-bdf1-a5210749c9ff", "repository_ids": [ "ac74a291-0c9c-4088-b4a6-dcee240190f1", "f40841b9-ddbb-4d5e-a143-16a34310963e" ] } ], "BPsD0kkdIoK3KQUZ5DpJjw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:8dbc54dd3ba8deb60962e0faf1bcd1d23c09867cffbce92e091a1094578f09fc", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:8dbc54dd3ba8deb60962e0faf1bcd1d23c09867cffbce92e091a1094578f09fc", "distribution_id": "ce03cd51-de99-4601-bdf1-a5210749c9ff", "repository_ids": [ "530ba96a-bc29-49e0-be1f-43cde55828e5", "e5eec09a-ace7-4aae-81b7-3a227580d7a8" ] } ], "BmK1zIjr5KsuOODCYwxRCw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "ce03cd51-de99-4601-bdf1-a5210749c9ff", "repository_ids": [ "ac74a291-0c9c-4088-b4a6-dcee240190f1", "f40841b9-ddbb-4d5e-a143-16a34310963e" ] } ], "CP6fmHsRon29d9dGmAC8yQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:8dbc54dd3ba8deb60962e0faf1bcd1d23c09867cffbce92e091a1094578f09fc", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:8dbc54dd3ba8deb60962e0faf1bcd1d23c09867cffbce92e091a1094578f09fc", "distribution_id": "ce03cd51-de99-4601-bdf1-a5210749c9ff", "repository_ids": [ "530ba96a-bc29-49e0-be1f-43cde55828e5", "e5eec09a-ace7-4aae-81b7-3a227580d7a8" ] } ], "CbqHQON08ZsUvPS9XDaTFA==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "ce03cd51-de99-4601-bdf1-a5210749c9ff", "repository_ids": [ "ac74a291-0c9c-4088-b4a6-dcee240190f1", "f40841b9-ddbb-4d5e-a143-16a34310963e" ] } ], "Cklbj7Y2kf3vqxqc0m1GHQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "ce03cd51-de99-4601-bdf1-a5210749c9ff", "repository_ids": [ "ac74a291-0c9c-4088-b4a6-dcee240190f1", "f40841b9-ddbb-4d5e-a143-16a34310963e" ] } ], "D/ASdBsgxLNlG5Q8U7UPsQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "ce03cd51-de99-4601-bdf1-a5210749c9ff", "repository_ids": [ "ac74a291-0c9c-4088-b4a6-dcee240190f1", "f40841b9-ddbb-4d5e-a143-16a34310963e" ] } ], "D9iJYSwBt2n6JCuuNo2fKg==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "ce03cd51-de99-4601-bdf1-a5210749c9ff", "repository_ids": [ "ac74a291-0c9c-4088-b4a6-dcee240190f1", "f40841b9-ddbb-4d5e-a143-16a34310963e" ] } ], "DV119Dw0W4RdsbJkdoHU9w==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "ce03cd51-de99-4601-bdf1-a5210749c9ff", "repository_ids": [ "ac74a291-0c9c-4088-b4a6-dcee240190f1", "f40841b9-ddbb-4d5e-a143-16a34310963e" ] } ], "DgyhtZBcSIlVmY6xC8s1mA==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "ce03cd51-de99-4601-bdf1-a5210749c9ff", "repository_ids": [ "ac74a291-0c9c-4088-b4a6-dcee240190f1", "f40841b9-ddbb-4d5e-a143-16a34310963e" ] } ], "Dmgfuk4/ZGW2Pjrf3pzOwg==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:8dbc54dd3ba8deb60962e0faf1bcd1d23c09867cffbce92e091a1094578f09fc", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:8dbc54dd3ba8deb60962e0faf1bcd1d23c09867cffbce92e091a1094578f09fc", "distribution_id": "ce03cd51-de99-4601-bdf1-a5210749c9ff", "repository_ids": [ "530ba96a-bc29-49e0-be1f-43cde55828e5", "e5eec09a-ace7-4aae-81b7-3a227580d7a8" ] } ], "EiNiLT8ulizCzEWcybhizQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "ce03cd51-de99-4601-bdf1-a5210749c9ff", "repository_ids": [ "ac74a291-0c9c-4088-b4a6-dcee240190f1", "f40841b9-ddbb-4d5e-a143-16a34310963e" ] } ], "F7AOP7tK5AfUXV1g9iTzFA==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "ce03cd51-de99-4601-bdf1-a5210749c9ff", "repository_ids": [ "ac74a291-0c9c-4088-b4a6-dcee240190f1", "f40841b9-ddbb-4d5e-a143-16a34310963e" ] } ], "FS5/DAbDsXWURU9onlACPA==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:8dbc54dd3ba8deb60962e0faf1bcd1d23c09867cffbce92e091a1094578f09fc", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:8dbc54dd3ba8deb60962e0faf1bcd1d23c09867cffbce92e091a1094578f09fc", "distribution_id": "ce03cd51-de99-4601-bdf1-a5210749c9ff", "repository_ids": [ "530ba96a-bc29-49e0-be1f-43cde55828e5", "e5eec09a-ace7-4aae-81b7-3a227580d7a8" ] } ], "G+gX+j4AbiCorxKiF1UojA==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "ce03cd51-de99-4601-bdf1-a5210749c9ff", "repository_ids": [ "ac74a291-0c9c-4088-b4a6-dcee240190f1", "f40841b9-ddbb-4d5e-a143-16a34310963e" ] } ], "GLKhGblbPbPbtDKwfpCv5A==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "ce03cd51-de99-4601-bdf1-a5210749c9ff", "repository_ids": [ "ac74a291-0c9c-4088-b4a6-dcee240190f1", "f40841b9-ddbb-4d5e-a143-16a34310963e" ] } ], "Gg1Q6hponuT1eSJHwaJ83w==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "ce03cd51-de99-4601-bdf1-a5210749c9ff", "repository_ids": [ "ac74a291-0c9c-4088-b4a6-dcee240190f1", "f40841b9-ddbb-4d5e-a143-16a34310963e" ] } ], "HMIoZ/TKrKhxI1rD26qmpw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "ce03cd51-de99-4601-bdf1-a5210749c9ff", "repository_ids": [ "ac74a291-0c9c-4088-b4a6-dcee240190f1", "f40841b9-ddbb-4d5e-a143-16a34310963e" ] } ], "IzLcxZDtcvtJR5Gwdq9HDg==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "ce03cd51-de99-4601-bdf1-a5210749c9ff", "repository_ids": [ "ac74a291-0c9c-4088-b4a6-dcee240190f1", "f40841b9-ddbb-4d5e-a143-16a34310963e" ] } ], "J34PJ2GThOWZuKVgFIoieA==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "ce03cd51-de99-4601-bdf1-a5210749c9ff", "repository_ids": [ "ac74a291-0c9c-4088-b4a6-dcee240190f1", "f40841b9-ddbb-4d5e-a143-16a34310963e" ] } ], "JNDNKhJbFTSevs7EALfE9A==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "ce03cd51-de99-4601-bdf1-a5210749c9ff", "repository_ids": [ "ac74a291-0c9c-4088-b4a6-dcee240190f1", "f40841b9-ddbb-4d5e-a143-16a34310963e" ] } ], "KYSXsdsObSOPb3/iOOdbDw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:8dbc54dd3ba8deb60962e0faf1bcd1d23c09867cffbce92e091a1094578f09fc", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:8dbc54dd3ba8deb60962e0faf1bcd1d23c09867cffbce92e091a1094578f09fc", "distribution_id": "ce03cd51-de99-4601-bdf1-a5210749c9ff", "repository_ids": [ "530ba96a-bc29-49e0-be1f-43cde55828e5", "e5eec09a-ace7-4aae-81b7-3a227580d7a8" ] } ], "LXiVkIlXLq/usMYIwCTH8Q==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "ce03cd51-de99-4601-bdf1-a5210749c9ff", "repository_ids": [ "ac74a291-0c9c-4088-b4a6-dcee240190f1", "f40841b9-ddbb-4d5e-a143-16a34310963e" ] } ], "LkoLKEri5dIAb0vFMkSOag==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "ce03cd51-de99-4601-bdf1-a5210749c9ff", "repository_ids": [ "ac74a291-0c9c-4088-b4a6-dcee240190f1", "f40841b9-ddbb-4d5e-a143-16a34310963e" ] } ], "MA5xnJmwv4AJZhc2768UiA==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "ce03cd51-de99-4601-bdf1-a5210749c9ff", "repository_ids": [ "ac74a291-0c9c-4088-b4a6-dcee240190f1", "f40841b9-ddbb-4d5e-a143-16a34310963e" ] } ], "N1RbIRo2SyHosQefv+skDw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "ce03cd51-de99-4601-bdf1-a5210749c9ff", "repository_ids": [ "ac74a291-0c9c-4088-b4a6-dcee240190f1", "f40841b9-ddbb-4d5e-a143-16a34310963e" ] } ], "N3ZaMrNJKoumMpaY0smlMQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "ce03cd51-de99-4601-bdf1-a5210749c9ff", "repository_ids": [ "ac74a291-0c9c-4088-b4a6-dcee240190f1", "f40841b9-ddbb-4d5e-a143-16a34310963e" ] } ], "N5EuVcX6TPHBo7OPtax5uA==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:8dbc54dd3ba8deb60962e0faf1bcd1d23c09867cffbce92e091a1094578f09fc", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:8dbc54dd3ba8deb60962e0faf1bcd1d23c09867cffbce92e091a1094578f09fc", "distribution_id": "ce03cd51-de99-4601-bdf1-a5210749c9ff", "repository_ids": [ "530ba96a-bc29-49e0-be1f-43cde55828e5", "e5eec09a-ace7-4aae-81b7-3a227580d7a8" ] } ], "NJbhst8VIOwst++ZzRP6tA==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "ce03cd51-de99-4601-bdf1-a5210749c9ff", "repository_ids": [ "ac74a291-0c9c-4088-b4a6-dcee240190f1", "f40841b9-ddbb-4d5e-a143-16a34310963e" ] } ], "NguWV8S6YQYvQsGQDJm2Rg==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "ce03cd51-de99-4601-bdf1-a5210749c9ff", "repository_ids": [ "ac74a291-0c9c-4088-b4a6-dcee240190f1", "f40841b9-ddbb-4d5e-a143-16a34310963e" ] } ], "NsvPyDc//39XTuXcn3j2uQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:8dbc54dd3ba8deb60962e0faf1bcd1d23c09867cffbce92e091a1094578f09fc", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:8dbc54dd3ba8deb60962e0faf1bcd1d23c09867cffbce92e091a1094578f09fc", "distribution_id": "ce03cd51-de99-4601-bdf1-a5210749c9ff", "repository_ids": [ "530ba96a-bc29-49e0-be1f-43cde55828e5", "e5eec09a-ace7-4aae-81b7-3a227580d7a8" ] } ], "ORsDK2A5479NPB0r01PoXQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "ce03cd51-de99-4601-bdf1-a5210749c9ff", "repository_ids": [ "ac74a291-0c9c-4088-b4a6-dcee240190f1", "f40841b9-ddbb-4d5e-a143-16a34310963e" ] } ], "P5Se4zJpr8ZUwZNUojfuzA==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "ce03cd51-de99-4601-bdf1-a5210749c9ff", "repository_ids": [ "ac74a291-0c9c-4088-b4a6-dcee240190f1", "f40841b9-ddbb-4d5e-a143-16a34310963e" ] } ], "P5UTXxqhA6R98OWY7h85rQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "ce03cd51-de99-4601-bdf1-a5210749c9ff", "repository_ids": [ "ac74a291-0c9c-4088-b4a6-dcee240190f1", "f40841b9-ddbb-4d5e-a143-16a34310963e" ] } ], "PYGQE1Mr52aqIP4tEB4VSw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:8dbc54dd3ba8deb60962e0faf1bcd1d23c09867cffbce92e091a1094578f09fc", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:8dbc54dd3ba8deb60962e0faf1bcd1d23c09867cffbce92e091a1094578f09fc", "distribution_id": "ce03cd51-de99-4601-bdf1-a5210749c9ff", "repository_ids": [ "530ba96a-bc29-49e0-be1f-43cde55828e5", "e5eec09a-ace7-4aae-81b7-3a227580d7a8" ] } ], "Q0uPb/t/3IQ8GEwlv/J3Cw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "ce03cd51-de99-4601-bdf1-a5210749c9ff", "repository_ids": [ "ac74a291-0c9c-4088-b4a6-dcee240190f1", "f40841b9-ddbb-4d5e-a143-16a34310963e" ] } ], "QC6e3OaV78mjs678tGU2KQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "ce03cd51-de99-4601-bdf1-a5210749c9ff", "repository_ids": [ "ac74a291-0c9c-4088-b4a6-dcee240190f1", "f40841b9-ddbb-4d5e-a143-16a34310963e" ] } ], "QXEDMSZisv5SUXtJo7Fs5g==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "ce03cd51-de99-4601-bdf1-a5210749c9ff", "repository_ids": [ "ac74a291-0c9c-4088-b4a6-dcee240190f1", "f40841b9-ddbb-4d5e-a143-16a34310963e" ] } ], "RKXYZTbYgViwzC05uqeDSg==": [ { "package_db": "maven:deployments/hacbs-test.jar", "introduced_in": "sha256:d031cc16aea3b64aacb2a7708ab1848cb043522f43a5b870f4da927b19c2d4ce", "distribution_id": "", "repository_ids": [ "b2bc39b2-8161-4b0e-8b0b-549f7dee4b54" ] } ], "RRWuvyUdhwGbBo2a/Ra1hw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "ce03cd51-de99-4601-bdf1-a5210749c9ff", "repository_ids": [ "ac74a291-0c9c-4088-b4a6-dcee240190f1", "f40841b9-ddbb-4d5e-a143-16a34310963e" ] } ], "RtrzwDgrQgu9S5B72s2sww==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "ce03cd51-de99-4601-bdf1-a5210749c9ff", "repository_ids": [ "ac74a291-0c9c-4088-b4a6-dcee240190f1", "f40841b9-ddbb-4d5e-a143-16a34310963e" ] } ], "TARQvmsLVC/S1fQD1jO4Xw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:8dbc54dd3ba8deb60962e0faf1bcd1d23c09867cffbce92e091a1094578f09fc", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:8dbc54dd3ba8deb60962e0faf1bcd1d23c09867cffbce92e091a1094578f09fc", "distribution_id": "ce03cd51-de99-4601-bdf1-a5210749c9ff", "repository_ids": [ "530ba96a-bc29-49e0-be1f-43cde55828e5", "e5eec09a-ace7-4aae-81b7-3a227580d7a8" ] } ], "U3ZkYu9FoEzQITrVBlQtLA==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "ce03cd51-de99-4601-bdf1-a5210749c9ff", "repository_ids": [ "ac74a291-0c9c-4088-b4a6-dcee240190f1", "f40841b9-ddbb-4d5e-a143-16a34310963e" ] } ], "USWNn71p+k059dbiu5HDEA==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "ce03cd51-de99-4601-bdf1-a5210749c9ff", "repository_ids": [ "ac74a291-0c9c-4088-b4a6-dcee240190f1", "f40841b9-ddbb-4d5e-a143-16a34310963e" ] } ], "UUZyda9G/ffvF6rJ5W1UnQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "ce03cd51-de99-4601-bdf1-a5210749c9ff", "repository_ids": [ "ac74a291-0c9c-4088-b4a6-dcee240190f1", "f40841b9-ddbb-4d5e-a143-16a34310963e" ] } ], "Vax934M9zGbzjdT3Y/XU9w==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "ce03cd51-de99-4601-bdf1-a5210749c9ff", "repository_ids": [ "ac74a291-0c9c-4088-b4a6-dcee240190f1", "f40841b9-ddbb-4d5e-a143-16a34310963e" ] } ], "VrCmPwuY69qW5jl9ctxOZg==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:8dbc54dd3ba8deb60962e0faf1bcd1d23c09867cffbce92e091a1094578f09fc", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:8dbc54dd3ba8deb60962e0faf1bcd1d23c09867cffbce92e091a1094578f09fc", "distribution_id": "ce03cd51-de99-4601-bdf1-a5210749c9ff", "repository_ids": [ "530ba96a-bc29-49e0-be1f-43cde55828e5", "e5eec09a-ace7-4aae-81b7-3a227580d7a8" ] } ], "W66WOQ3v6r7mSn6+o7gaew==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "ce03cd51-de99-4601-bdf1-a5210749c9ff", "repository_ids": [ "ac74a291-0c9c-4088-b4a6-dcee240190f1", "f40841b9-ddbb-4d5e-a143-16a34310963e" ] } ], "YjDcGmvP0/z8VqRiUvkhOQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "ce03cd51-de99-4601-bdf1-a5210749c9ff", "repository_ids": [ "ac74a291-0c9c-4088-b4a6-dcee240190f1", "f40841b9-ddbb-4d5e-a143-16a34310963e" ] } ], "Za0y7YiKRidyIBZNIzq/Ng==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "ce03cd51-de99-4601-bdf1-a5210749c9ff", "repository_ids": [ "ac74a291-0c9c-4088-b4a6-dcee240190f1", "f40841b9-ddbb-4d5e-a143-16a34310963e" ] } ], "ar0do80Wlk1FaVvtx66g6Q==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "ce03cd51-de99-4601-bdf1-a5210749c9ff", "repository_ids": [ "ac74a291-0c9c-4088-b4a6-dcee240190f1", "f40841b9-ddbb-4d5e-a143-16a34310963e" ] } ], "auI8KtI6OozP7EAIr9UlQQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "ce03cd51-de99-4601-bdf1-a5210749c9ff", "repository_ids": [ "ac74a291-0c9c-4088-b4a6-dcee240190f1", "f40841b9-ddbb-4d5e-a143-16a34310963e" ] } ], "bWUdPEYmtshwdmuX5VapfQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "ce03cd51-de99-4601-bdf1-a5210749c9ff", "repository_ids": [ "ac74a291-0c9c-4088-b4a6-dcee240190f1", "f40841b9-ddbb-4d5e-a143-16a34310963e" ] } ], "bmxL3lydQy0yU8g1iBgovg==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "ce03cd51-de99-4601-bdf1-a5210749c9ff", "repository_ids": [ "ac74a291-0c9c-4088-b4a6-dcee240190f1", "f40841b9-ddbb-4d5e-a143-16a34310963e" ] } ], "cXCMP7NdkMDf1+Rb1IEktQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:8dbc54dd3ba8deb60962e0faf1bcd1d23c09867cffbce92e091a1094578f09fc", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:8dbc54dd3ba8deb60962e0faf1bcd1d23c09867cffbce92e091a1094578f09fc", "distribution_id": "ce03cd51-de99-4601-bdf1-a5210749c9ff", "repository_ids": [ "530ba96a-bc29-49e0-be1f-43cde55828e5", "e5eec09a-ace7-4aae-81b7-3a227580d7a8" ] } ], "dOBT1Qffq44NOVuk9chDyg==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "ce03cd51-de99-4601-bdf1-a5210749c9ff", "repository_ids": [ "ac74a291-0c9c-4088-b4a6-dcee240190f1", "f40841b9-ddbb-4d5e-a143-16a34310963e" ] } ], "dOwQwVL1NxmF6ouACZklrQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "ce03cd51-de99-4601-bdf1-a5210749c9ff", "repository_ids": [ "ac74a291-0c9c-4088-b4a6-dcee240190f1", "f40841b9-ddbb-4d5e-a143-16a34310963e" ] } ], "dSjxsaDISLUiFwRTCSO8Tg==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "ce03cd51-de99-4601-bdf1-a5210749c9ff", "repository_ids": [ "ac74a291-0c9c-4088-b4a6-dcee240190f1", "f40841b9-ddbb-4d5e-a143-16a34310963e" ] } ], "dtGaxafuhIU1Ppty914fJw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:8dbc54dd3ba8deb60962e0faf1bcd1d23c09867cffbce92e091a1094578f09fc", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:8dbc54dd3ba8deb60962e0faf1bcd1d23c09867cffbce92e091a1094578f09fc", "distribution_id": "ce03cd51-de99-4601-bdf1-a5210749c9ff", "repository_ids": [ "530ba96a-bc29-49e0-be1f-43cde55828e5", "e5eec09a-ace7-4aae-81b7-3a227580d7a8" ] } ], "eZ7CwFvwDCQu4vzKyuIZgA==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "ce03cd51-de99-4601-bdf1-a5210749c9ff", "repository_ids": [ "ac74a291-0c9c-4088-b4a6-dcee240190f1", "f40841b9-ddbb-4d5e-a143-16a34310963e" ] } ], "f/Al/eNlUhjEgKSV0J2z7w==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:8dbc54dd3ba8deb60962e0faf1bcd1d23c09867cffbce92e091a1094578f09fc", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:8dbc54dd3ba8deb60962e0faf1bcd1d23c09867cffbce92e091a1094578f09fc", "distribution_id": "ce03cd51-de99-4601-bdf1-a5210749c9ff", "repository_ids": [ "530ba96a-bc29-49e0-be1f-43cde55828e5", "e5eec09a-ace7-4aae-81b7-3a227580d7a8" ] } ], "f1lteJj1IxLDbDb+BI8yjg==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "ce03cd51-de99-4601-bdf1-a5210749c9ff", "repository_ids": [ "ac74a291-0c9c-4088-b4a6-dcee240190f1", "f40841b9-ddbb-4d5e-a143-16a34310963e" ] } ], "g146nKetkX1f4hfH1b5RWA==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "ce03cd51-de99-4601-bdf1-a5210749c9ff", "repository_ids": [ "ac74a291-0c9c-4088-b4a6-dcee240190f1", "f40841b9-ddbb-4d5e-a143-16a34310963e" ] } ], "gMqsUnRclTj6iuxHCslNRA==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "ce03cd51-de99-4601-bdf1-a5210749c9ff", "repository_ids": [ "ac74a291-0c9c-4088-b4a6-dcee240190f1", "f40841b9-ddbb-4d5e-a143-16a34310963e" ] } ], "gOaN4treTmKK7tU+N6AZ1w==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "ce03cd51-de99-4601-bdf1-a5210749c9ff", "repository_ids": [ "ac74a291-0c9c-4088-b4a6-dcee240190f1", "f40841b9-ddbb-4d5e-a143-16a34310963e" ] } ], "gtbMsmX05ZWh+bkM1Wprlw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "ce03cd51-de99-4601-bdf1-a5210749c9ff", "repository_ids": [ "ac74a291-0c9c-4088-b4a6-dcee240190f1", "f40841b9-ddbb-4d5e-a143-16a34310963e" ] } ], "h53SWWmMQUh4cLyBmYeNvw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:8dbc54dd3ba8deb60962e0faf1bcd1d23c09867cffbce92e091a1094578f09fc", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:8dbc54dd3ba8deb60962e0faf1bcd1d23c09867cffbce92e091a1094578f09fc", "distribution_id": "ce03cd51-de99-4601-bdf1-a5210749c9ff", "repository_ids": [ "530ba96a-bc29-49e0-be1f-43cde55828e5", "e5eec09a-ace7-4aae-81b7-3a227580d7a8" ] } ], "hSTTMcRX1DBcXc+8jKeg3Q==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "ce03cd51-de99-4601-bdf1-a5210749c9ff", "repository_ids": [ "ac74a291-0c9c-4088-b4a6-dcee240190f1", "f40841b9-ddbb-4d5e-a143-16a34310963e" ] } ], "hcJqCsCpWm+XI9JT6ImS5g==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "ce03cd51-de99-4601-bdf1-a5210749c9ff", "repository_ids": [ "ac74a291-0c9c-4088-b4a6-dcee240190f1", "f40841b9-ddbb-4d5e-a143-16a34310963e" ] } ], "iKjky3d+XDnwdlXfvLvp/A==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:8dbc54dd3ba8deb60962e0faf1bcd1d23c09867cffbce92e091a1094578f09fc", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:8dbc54dd3ba8deb60962e0faf1bcd1d23c09867cffbce92e091a1094578f09fc", "distribution_id": "ce03cd51-de99-4601-bdf1-a5210749c9ff", "repository_ids": [ "530ba96a-bc29-49e0-be1f-43cde55828e5", "e5eec09a-ace7-4aae-81b7-3a227580d7a8" ] } ], "isPl2YxnCTfcLmUYH6Q0sA==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "ce03cd51-de99-4601-bdf1-a5210749c9ff", "repository_ids": [ "ac74a291-0c9c-4088-b4a6-dcee240190f1", "f40841b9-ddbb-4d5e-a143-16a34310963e" ] } ], "j5YRt82iOHry4ndSyCLgaA==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:8dbc54dd3ba8deb60962e0faf1bcd1d23c09867cffbce92e091a1094578f09fc", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:8dbc54dd3ba8deb60962e0faf1bcd1d23c09867cffbce92e091a1094578f09fc", "distribution_id": "ce03cd51-de99-4601-bdf1-a5210749c9ff", "repository_ids": [ "530ba96a-bc29-49e0-be1f-43cde55828e5", "e5eec09a-ace7-4aae-81b7-3a227580d7a8" ] } ], "jmNxyfDM4IV/F4mrfNTfyg==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "ce03cd51-de99-4601-bdf1-a5210749c9ff", "repository_ids": [ "ac74a291-0c9c-4088-b4a6-dcee240190f1", "f40841b9-ddbb-4d5e-a143-16a34310963e" ] } ], "jtdCxL/eH5JTPcKstKunJg==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "ce03cd51-de99-4601-bdf1-a5210749c9ff", "repository_ids": [ "ac74a291-0c9c-4088-b4a6-dcee240190f1", "f40841b9-ddbb-4d5e-a143-16a34310963e" ] } ], "k/BpvWmZ5EVfmiPqpZ3pGw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:8dbc54dd3ba8deb60962e0faf1bcd1d23c09867cffbce92e091a1094578f09fc", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:8dbc54dd3ba8deb60962e0faf1bcd1d23c09867cffbce92e091a1094578f09fc", "distribution_id": "ce03cd51-de99-4601-bdf1-a5210749c9ff", "repository_ids": [ "530ba96a-bc29-49e0-be1f-43cde55828e5", "e5eec09a-ace7-4aae-81b7-3a227580d7a8" ] } ], "k4gCNgIfg7MM/e42ThRx2w==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "ce03cd51-de99-4601-bdf1-a5210749c9ff", "repository_ids": [ "ac74a291-0c9c-4088-b4a6-dcee240190f1", "f40841b9-ddbb-4d5e-a143-16a34310963e" ] } ], "kup9SZcgg13wnbXIW3GyJA==": [ { "package_db": "root/buildinfo/Dockerfile-ubi8-openjdk-17-runtime-1.23-4.1777859697", "introduced_in": "sha256:8dbc54dd3ba8deb60962e0faf1bcd1d23c09867cffbce92e091a1094578f09fc", "distribution_id": "", "repository_ids": [ "7f7e0681-2ce5-4840-b11c-103ed273588f", "7f7e0681-2ce5-4840-b11c-103ed273588f" ] } ], "kwc9NYOQig+qWs5qmBRL/w==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "ce03cd51-de99-4601-bdf1-a5210749c9ff", "repository_ids": [ "ac74a291-0c9c-4088-b4a6-dcee240190f1", "f40841b9-ddbb-4d5e-a143-16a34310963e" ] } ], "lEFbOzBTlWwCqC/ZbjJfgQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:8dbc54dd3ba8deb60962e0faf1bcd1d23c09867cffbce92e091a1094578f09fc", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:8dbc54dd3ba8deb60962e0faf1bcd1d23c09867cffbce92e091a1094578f09fc", "distribution_id": "ce03cd51-de99-4601-bdf1-a5210749c9ff", "repository_ids": [ "530ba96a-bc29-49e0-be1f-43cde55828e5", "e5eec09a-ace7-4aae-81b7-3a227580d7a8" ] } ], "lU0MYRg2dg5wynl2dMGsgA==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "ce03cd51-de99-4601-bdf1-a5210749c9ff", "repository_ids": [ "ac74a291-0c9c-4088-b4a6-dcee240190f1", "f40841b9-ddbb-4d5e-a143-16a34310963e" ] } ], "mAmp7BtGrfzV0HnAKw9sTw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "ce03cd51-de99-4601-bdf1-a5210749c9ff", "repository_ids": [ "ac74a291-0c9c-4088-b4a6-dcee240190f1", "f40841b9-ddbb-4d5e-a143-16a34310963e" ] } ], "mLwCNKs2wEtLWAiibtR4BQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "ce03cd51-de99-4601-bdf1-a5210749c9ff", "repository_ids": [ "ac74a291-0c9c-4088-b4a6-dcee240190f1", "f40841b9-ddbb-4d5e-a143-16a34310963e" ] } ], "mkpeQMTn6iNiF+ShBe+oZg==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "ce03cd51-de99-4601-bdf1-a5210749c9ff", "repository_ids": [ "ac74a291-0c9c-4088-b4a6-dcee240190f1", "f40841b9-ddbb-4d5e-a143-16a34310963e" ] } ], "mtrWxjnWyzrIFOuHVeUG6g==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:8dbc54dd3ba8deb60962e0faf1bcd1d23c09867cffbce92e091a1094578f09fc", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:8dbc54dd3ba8deb60962e0faf1bcd1d23c09867cffbce92e091a1094578f09fc", "distribution_id": "ce03cd51-de99-4601-bdf1-a5210749c9ff", "repository_ids": [ "530ba96a-bc29-49e0-be1f-43cde55828e5", "e5eec09a-ace7-4aae-81b7-3a227580d7a8" ] } ], "nDtLoMnkuhspYDn7NZEcjw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:8dbc54dd3ba8deb60962e0faf1bcd1d23c09867cffbce92e091a1094578f09fc", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:8dbc54dd3ba8deb60962e0faf1bcd1d23c09867cffbce92e091a1094578f09fc", "distribution_id": "ce03cd51-de99-4601-bdf1-a5210749c9ff", "repository_ids": [ "530ba96a-bc29-49e0-be1f-43cde55828e5", "e5eec09a-ace7-4aae-81b7-3a227580d7a8" ] } ], "o4v1nyEgxKUJdf78CSzLEg==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "ce03cd51-de99-4601-bdf1-a5210749c9ff", "repository_ids": [ "ac74a291-0c9c-4088-b4a6-dcee240190f1", "f40841b9-ddbb-4d5e-a143-16a34310963e" ] } ], "oPxhGBL0xk+N4XwwxvflAQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "ce03cd51-de99-4601-bdf1-a5210749c9ff", "repository_ids": [ "ac74a291-0c9c-4088-b4a6-dcee240190f1", "f40841b9-ddbb-4d5e-a143-16a34310963e" ] } ], "oSDtB9GflLljTYeOAikyIQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "ce03cd51-de99-4601-bdf1-a5210749c9ff", "repository_ids": [ "ac74a291-0c9c-4088-b4a6-dcee240190f1", "f40841b9-ddbb-4d5e-a143-16a34310963e" ] } ], "oUYls//IDfQ4QSLGKlUoZg==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "ce03cd51-de99-4601-bdf1-a5210749c9ff", "repository_ids": [ "ac74a291-0c9c-4088-b4a6-dcee240190f1", "f40841b9-ddbb-4d5e-a143-16a34310963e" ] } ], "p9tXHgTBVU/b3sTnwfubzg==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "ce03cd51-de99-4601-bdf1-a5210749c9ff", "repository_ids": [ "ac74a291-0c9c-4088-b4a6-dcee240190f1", "f40841b9-ddbb-4d5e-a143-16a34310963e" ] } ], "pY2NT/GP1UxyOuAl2rKgCw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "ce03cd51-de99-4601-bdf1-a5210749c9ff", "repository_ids": [ "ac74a291-0c9c-4088-b4a6-dcee240190f1", "f40841b9-ddbb-4d5e-a143-16a34310963e" ] } ], "peUaHHW4E9Y6Nd8+gJR5cQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "ce03cd51-de99-4601-bdf1-a5210749c9ff", "repository_ids": [ "ac74a291-0c9c-4088-b4a6-dcee240190f1", "f40841b9-ddbb-4d5e-a143-16a34310963e" ] } ], "pp9zZ0tBoevZ/s15eFRL8g==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "ce03cd51-de99-4601-bdf1-a5210749c9ff", "repository_ids": [ "ac74a291-0c9c-4088-b4a6-dcee240190f1", "f40841b9-ddbb-4d5e-a143-16a34310963e" ] } ], "q4X/5GGPJSNoqWY61ewdVA==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:8dbc54dd3ba8deb60962e0faf1bcd1d23c09867cffbce92e091a1094578f09fc", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:8dbc54dd3ba8deb60962e0faf1bcd1d23c09867cffbce92e091a1094578f09fc", "distribution_id": "ce03cd51-de99-4601-bdf1-a5210749c9ff", "repository_ids": [ "530ba96a-bc29-49e0-be1f-43cde55828e5", "e5eec09a-ace7-4aae-81b7-3a227580d7a8" ] } ], "qdszmGofYYLyezIthPq1jw==": [ { "package_db": "root/buildinfo/Dockerfile-ubi8-openjdk-17-runtime-1.23-4.1777859697", "introduced_in": "sha256:8dbc54dd3ba8deb60962e0faf1bcd1d23c09867cffbce92e091a1094578f09fc", "distribution_id": "", "repository_ids": [ "7f7e0681-2ce5-4840-b11c-103ed273588f", "7f7e0681-2ce5-4840-b11c-103ed273588f" ] } ], "r23nOnTJvuvXzj0P21ldlw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "ce03cd51-de99-4601-bdf1-a5210749c9ff", "repository_ids": [ "ac74a291-0c9c-4088-b4a6-dcee240190f1", "f40841b9-ddbb-4d5e-a143-16a34310963e" ] } ], "rFsA2fU/SFo3JGOkxRURTQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "ce03cd51-de99-4601-bdf1-a5210749c9ff", "repository_ids": [ "ac74a291-0c9c-4088-b4a6-dcee240190f1", "f40841b9-ddbb-4d5e-a143-16a34310963e" ] } ], "sMrsZHOrW8FfprPHZo6Jww==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "ce03cd51-de99-4601-bdf1-a5210749c9ff", "repository_ids": [ "ac74a291-0c9c-4088-b4a6-dcee240190f1", "f40841b9-ddbb-4d5e-a143-16a34310963e" ] } ], "sUhkiUesE2DHTU1IF7t+tw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:8dbc54dd3ba8deb60962e0faf1bcd1d23c09867cffbce92e091a1094578f09fc", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:8dbc54dd3ba8deb60962e0faf1bcd1d23c09867cffbce92e091a1094578f09fc", "distribution_id": "ce03cd51-de99-4601-bdf1-a5210749c9ff", "repository_ids": [ "530ba96a-bc29-49e0-be1f-43cde55828e5", "e5eec09a-ace7-4aae-81b7-3a227580d7a8" ] } ], "trIX86+UkjuJsaeYfHvnYw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "ce03cd51-de99-4601-bdf1-a5210749c9ff", "repository_ids": [ "ac74a291-0c9c-4088-b4a6-dcee240190f1", "f40841b9-ddbb-4d5e-a143-16a34310963e" ] } ], "u25cfo+Wn6RpzVY/kgcoGQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:8dbc54dd3ba8deb60962e0faf1bcd1d23c09867cffbce92e091a1094578f09fc", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:8dbc54dd3ba8deb60962e0faf1bcd1d23c09867cffbce92e091a1094578f09fc", "distribution_id": "ce03cd51-de99-4601-bdf1-a5210749c9ff", "repository_ids": [ "530ba96a-bc29-49e0-be1f-43cde55828e5", "e5eec09a-ace7-4aae-81b7-3a227580d7a8" ] } ], "uAJuv5cA4XPhcDfjrdFI9w==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:8dbc54dd3ba8deb60962e0faf1bcd1d23c09867cffbce92e091a1094578f09fc", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:8dbc54dd3ba8deb60962e0faf1bcd1d23c09867cffbce92e091a1094578f09fc", "distribution_id": "ce03cd51-de99-4601-bdf1-a5210749c9ff", "repository_ids": [ "530ba96a-bc29-49e0-be1f-43cde55828e5", "e5eec09a-ace7-4aae-81b7-3a227580d7a8" ] } ], "uCw7c1p0VzVV36rFL2/j4Q==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "ce03cd51-de99-4601-bdf1-a5210749c9ff", "repository_ids": [ "ac74a291-0c9c-4088-b4a6-dcee240190f1", "f40841b9-ddbb-4d5e-a143-16a34310963e" ] } ], "v/KoDsdxOHqLHd7du8yyWQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "ce03cd51-de99-4601-bdf1-a5210749c9ff", "repository_ids": [ "ac74a291-0c9c-4088-b4a6-dcee240190f1", "f40841b9-ddbb-4d5e-a143-16a34310963e" ] } ], "wQNSAAyfpn1pixah4j5PmA==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:8dbc54dd3ba8deb60962e0faf1bcd1d23c09867cffbce92e091a1094578f09fc", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:8dbc54dd3ba8deb60962e0faf1bcd1d23c09867cffbce92e091a1094578f09fc", "distribution_id": "ce03cd51-de99-4601-bdf1-a5210749c9ff", "repository_ids": [ "530ba96a-bc29-49e0-be1f-43cde55828e5", "e5eec09a-ace7-4aae-81b7-3a227580d7a8" ] } ], "wQToP4WURQ4/A8LQU1k5kA==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "ce03cd51-de99-4601-bdf1-a5210749c9ff", "repository_ids": [ "ac74a291-0c9c-4088-b4a6-dcee240190f1", "f40841b9-ddbb-4d5e-a143-16a34310963e" ] } ], "wiX2z3C4urSDsP+bIajgNg==": [ { "package_db": "maven:deployments/hacbs-test.jar", "introduced_in": "sha256:d031cc16aea3b64aacb2a7708ab1848cb043522f43a5b870f4da927b19c2d4ce", "distribution_id": "", "repository_ids": [ "b2bc39b2-8161-4b0e-8b0b-549f7dee4b54" ] } ], "wpJmhjYJz5TYuh0mbRPs4Q==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "ce03cd51-de99-4601-bdf1-a5210749c9ff", "repository_ids": [ "ac74a291-0c9c-4088-b4a6-dcee240190f1", "f40841b9-ddbb-4d5e-a143-16a34310963e" ] } ], "xDLbw0lNdZ2pSj9R8k9t6A==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:8dbc54dd3ba8deb60962e0faf1bcd1d23c09867cffbce92e091a1094578f09fc", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:8dbc54dd3ba8deb60962e0faf1bcd1d23c09867cffbce92e091a1094578f09fc", "distribution_id": "ce03cd51-de99-4601-bdf1-a5210749c9ff", "repository_ids": [ "530ba96a-bc29-49e0-be1f-43cde55828e5", "e5eec09a-ace7-4aae-81b7-3a227580d7a8" ] } ], "xTF9l16G3x26txeCsO9Bug==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "ce03cd51-de99-4601-bdf1-a5210749c9ff", "repository_ids": [ "ac74a291-0c9c-4088-b4a6-dcee240190f1", "f40841b9-ddbb-4d5e-a143-16a34310963e" ] } ], "xY/gcEds28iVWCynxOCw9g==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "ce03cd51-de99-4601-bdf1-a5210749c9ff", "repository_ids": [ "ac74a291-0c9c-4088-b4a6-dcee240190f1", "f40841b9-ddbb-4d5e-a143-16a34310963e" ] } ], "xvIYCTeML23osZxD1kFItQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:8dbc54dd3ba8deb60962e0faf1bcd1d23c09867cffbce92e091a1094578f09fc", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:8dbc54dd3ba8deb60962e0faf1bcd1d23c09867cffbce92e091a1094578f09fc", "distribution_id": "ce03cd51-de99-4601-bdf1-a5210749c9ff", "repository_ids": [ "530ba96a-bc29-49e0-be1f-43cde55828e5", "e5eec09a-ace7-4aae-81b7-3a227580d7a8" ] } ], "zAReYdYoHUkp8wr8i3SW2g==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "ce03cd51-de99-4601-bdf1-a5210749c9ff", "repository_ids": [ "ac74a291-0c9c-4088-b4a6-dcee240190f1", "f40841b9-ddbb-4d5e-a143-16a34310963e" ] } ], "zdqdBY2jg/Zs374g8Ylc6g==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:8dbc54dd3ba8deb60962e0faf1bcd1d23c09867cffbce92e091a1094578f09fc", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:8dbc54dd3ba8deb60962e0faf1bcd1d23c09867cffbce92e091a1094578f09fc", "distribution_id": "ce03cd51-de99-4601-bdf1-a5210749c9ff", "repository_ids": [ "530ba96a-bc29-49e0-be1f-43cde55828e5", "e5eec09a-ace7-4aae-81b7-3a227580d7a8" ] } ] }, "vulnerabilities": { "+nHq7dak7Hkjcru/xpwzhQ==": { "id": "+nHq7dak7Hkjcru/xpwzhQ==", "updater": "rhel-vex", "name": "CVE-2020-12413", "description": "A flaw was found in Mozilla nss. A raccoon attack exploits a flaw in the TLS specification which can lead to an attacker being able to compute the pre-master secret in connections which have used a Diffie-Hellman(DH) based ciphersuite. In such a case this would result in the attacker being able to eavesdrop on all encrypted communications sent over that TLS connection. The highest threat from this vulnerability is to data confidentiality.", "issued": "2020-09-09T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2020-12413 https://bugzilla.redhat.com/show_bug.cgi?id=1877557 https://www.cve.org/CVERecord?id=CVE-2020-12413 https://nvd.nist.gov/vuln/detail/CVE-2020-12413 https://raccoon-attack.com/RacoonAttack.pdf https://security.access.redhat.com/data/csaf/v2/vex/2020/cve-2020-12413.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "nss", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "/1CYFiexnJcM7p4YrI/FVg==": { "id": "/1CYFiexnJcM7p4YrI/FVg==", "updater": "rhel-vex", "name": "CVE-2023-4504", "description": "A vulnerability was found in CUPS and libppd, where a failure to validate the length provided in an attacker-crafted PPD PostScript document can lead to a heap-based buffer overflow, causing a denial of service or, in some cases, execute arbitrary code, depending on how the application processes untrusted PPD files.", "issued": "2023-09-20T12:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4504 https://bugzilla.redhat.com/show_bug.cgi?id=2238509 https://www.cve.org/CVERecord?id=CVE-2023-4504 https://nvd.nist.gov/vuln/detail/CVE-2023-4504 https://takeonme.org/cves/CVE-2023-4504.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4504.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "cups", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "0QzoXQSqkKieJ7Oc+px0JA==": { "id": "0QzoXQSqkKieJ7Oc+px0JA==", "updater": "rhel-vex", "name": "CVE-2025-13837", "description": "A flaw was found in the plistlib module in the Python standard library. The amount of data to read from a Plist file is specified in the file itself. This issue allows a specially crafted Plist file to cause an application to allocate a large amount of memory, potentially resulting in allocations errors, swapping, out-of-memory conditions or even system freezes.", "issued": "2025-12-01T18:13:32Z", "links": "https://access.redhat.com/security/cve/CVE-2025-13837 https://bugzilla.redhat.com/show_bug.cgi?id=2418084 https://www.cve.org/CVERecord?id=CVE-2025-13837 https://nvd.nist.gov/vuln/detail/CVE-2025-13837 https://github.com/python/cpython/issues/119342 https://github.com/python/cpython/pull/119343 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-13837.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "python3", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "0WTD6ZUY2Zj2w0R3oyPWRw==": { "id": "0WTD6ZUY2Zj2w0R3oyPWRw==", "updater": "rhel-vex", "name": "CVE-2026-34980", "description": "A flaw was found in OpenPrinting CUPS. An unauthorized client can exploit this vulnerability by sending a specially crafted print job to a shared PostScript queue without authentication. The server improperly handles the `page-border` value, allowing an attacker to embed and reparse malicious text as a trusted scheduler control record. This can lead to arbitrary code execution with the privileges of the 'lp' user, potentially compromising the affected system.", "issued": "2026-04-03T21:18:09Z", "links": "https://access.redhat.com/security/cve/CVE-2026-34980 https://bugzilla.redhat.com/show_bug.cgi?id=2454954 https://www.cve.org/CVERecord?id=CVE-2026-34980 https://nvd.nist.gov/vuln/detail/CVE-2026-34980 https://github.com/OpenPrinting/cups/security/advisories/GHSA-4852-v58g-6cwf https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-34980.json", "severity": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "cups", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "0fCtWwB6iclgRvIA+IqiJQ==": { "id": "0fCtWwB6iclgRvIA+IqiJQ==", "updater": "rhel-vex", "name": "CVE-2026-1484", "description": "A flaw was found in the GLib Base64 encoding routine when processing very large input data. Due to incorrect use of integer types during length calculation, the library may miscalculate buffer boundaries. This can cause memory writes outside the allocated buffer. Applications that process untrusted or extremely large Base64 input using GLib may crash or behave unpredictably.", "issued": "2026-01-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-1484 https://bugzilla.redhat.com/show_bug.cgi?id=2433259 https://www.cve.org/CVERecord?id=CVE-2026-1484 https://nvd.nist.gov/vuln/detail/CVE-2026-1484 https://gitlab.gnome.org/GNOME/glib/-/issues/3870 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-1484.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "glib2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "0nQ3GJDLY22M176Z5ESg6A==": { "id": "0nQ3GJDLY22M176Z5ESg6A==", "updater": "rhel-vex", "name": "CVE-2025-68972", "description": "A flaw was found in GnuPG. An adversary can exploit this vulnerability by crafting a signed message that includes a form feed character (\\f) at the end of a plaintext line. This allows the adversary to append additional, unsigned text to the message while the signature verification still reports success. This issue leads to an integrity bypass, potentially enabling the spoofing of signed communications.", "issued": "2025-12-27T22:52:30Z", "links": "https://access.redhat.com/security/cve/CVE-2025-68972 https://bugzilla.redhat.com/show_bug.cgi?id=2425646 https://www.cve.org/CVERecord?id=CVE-2025-68972 https://nvd.nist.gov/vuln/detail/CVE-2025-68972 https://gpg.fail/formfeed https://news.ycombinator.com/item?id=46404339 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-68972.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "gnupg2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "0v/g0Z/XEXV13r48i52JgA==": { "id": "0v/g0Z/XEXV13r48i52JgA==", "updater": "rhel-vex", "name": "CVE-2026-6276", "description": "A flaw was found in libcurl. This vulnerability allows for information disclosure when a custom `Host:` header is used in an initial HTTP request, and a subsequent request reuses the same connection without specifying a new `Host:` header. This can lead to libcurl incorrectly sending cookies intended for the first host to the second host, resulting in a cookie leak. This issue is categorized as an Origin Validation Error (CWE-346). Exploitation typically requires specific debugging configurations.", "issued": "2026-04-29T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-6276 https://bugzilla.redhat.com/show_bug.cgi?id=2461203 https://www.cve.org/CVERecord?id=CVE-2026-6276 https://nvd.nist.gov/vuln/detail/CVE-2026-6276 https://curl.se/docs/CVE-2026-6276.html https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-6276.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "curl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "1lUHOMB3ANHGWpqCBv9Ynw==": { "id": "1lUHOMB3ANHGWpqCBv9Ynw==", "updater": "rhel-vex", "name": "CVE-2026-4105", "description": "A flaw was found in systemd. The systemd-machined service contains an Improper Access Control vulnerability due to insufficient validation of the class parameter in the RegisterMachine D-Bus (Desktop Bus) method. A local unprivileged user can exploit this by attempting to register a machine with a specific class value, which may leave behind a usable, attacker-controlled machine object. This allows the attacker to invoke methods on the privileged object, leading to the execution of arbitrary commands with root privileges on the host system.", "issued": "2026-03-13T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-4105 https://bugzilla.redhat.com/show_bug.cgi?id=2447262 https://www.cve.org/CVERecord?id=CVE-2026-4105 https://nvd.nist.gov/vuln/detail/CVE-2026-4105 https://github.com/systemd/systemd/security/advisories/GHSA-4h6x-r8vx-3862 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-4105.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "systemd", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "1vG4ZYIu07BTj9XJ+a+P9Q==": { "id": "1vG4ZYIu07BTj9XJ+a+P9Q==", "updater": "rhel-vex", "name": "CVE-2026-27171", "description": "A flaw was found in zlib. An attacker providing specially crafted input to the `crc32_combine64` or `crc32_combine_gen64` functions could trigger an infinite loop within the `x2nmodp` function. This leads to excessive CPU consumption, which can result in a Denial of Service (DoS) for the affected system.", "issued": "2026-02-18T02:36:19Z", "links": "https://access.redhat.com/security/cve/CVE-2026-27171 https://bugzilla.redhat.com/show_bug.cgi?id=2440530 https://www.cve.org/CVERecord?id=CVE-2026-27171 https://nvd.nist.gov/vuln/detail/CVE-2026-27171 https://7asecurity.com/blog/2026/02/zlib-7asecurity-audit/ https://7asecurity.com/reports/pentest-report-zlib-RC1.1.pdf https://github.com/madler/zlib/issues/904 https://github.com/madler/zlib/releases/tag/v1.3.2 https://ostif.org/zlib-audit-complete/ https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-27171.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "java-17-openjdk", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "29qrZyz+fmdn9Nzjpl2/Pg==": { "id": "29qrZyz+fmdn9Nzjpl2/Pg==", "updater": "rhel-vex", "name": "CVE-2026-22693", "description": "A null pointer dereference vector has been discovered in the harfbuzz package. A null pointer dereference vulnerability exists in the SubtableUnicodesCache::create function located in src/hb-ot-cmap-table.hh:1672-1673. The function fails to check if hb_malloc returns NULL before using placement new to construct an object at the returned pointer address. When hb_malloc fails to allocate memory (which can occur in low-memory conditions or when using custom allocators that simulate allocation failures), it returns NULL. The code then attempts to call the constructor on this null pointer using placement new syntax, resulting in undefined behavior and a Segmentation Fault.", "issued": "2026-01-10T05:53:21Z", "links": "https://access.redhat.com/security/cve/CVE-2026-22693 https://bugzilla.redhat.com/show_bug.cgi?id=2428439 https://www.cve.org/CVERecord?id=CVE-2026-22693 https://nvd.nist.gov/vuln/detail/CVE-2026-22693 https://github.com/harfbuzz/harfbuzz/commit/1265ff8d990284f04d8768f35b0e20ae5f60daae https://github.com/harfbuzz/harfbuzz/security/advisories/GHSA-xvjr-f2r9-c7ww https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-22693.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "java-17-openjdk", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "2U6d1qsPVwS8vUnflv9AcQ==": { "id": "2U6d1qsPVwS8vUnflv9AcQ==", "updater": "rhel-vex", "name": "CVE-2026-4873", "description": "A flaw was found in curl. A remote attacker could exploit this by initiating an unencrypted connection (via IMAP, SMTP, or POP3) and then making a subsequent request to the same host that requires Transport Layer Security (TLS). Due to incorrect connection reuse, the subsequent request would bypass the TLS requirement, leading to the transmission of sensitive information in cleartext. This vulnerability, categorized as Cleartext Transmission of Sensitive Information (CWE-319), results in information disclosure.", "issued": "2026-04-29T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-4873 https://bugzilla.redhat.com/show_bug.cgi?id=2461200 https://www.cve.org/CVERecord?id=CVE-2026-4873 https://nvd.nist.gov/vuln/detail/CVE-2026-4873 https://curl.se/docs/CVE-2026-4873.html https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-4873.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "curl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "2U8ppg+02PjFDuM5YqFstQ==": { "id": "2U8ppg+02PjFDuM5YqFstQ==", "updater": "rhel-vex", "name": "CVE-2025-15282", "description": "Missing newline filtering has been discovered in Python. User-controlled data URLs parsed by urllib.request.DataHandler allow injecting headers through newlines in the data URL mediatype.", "issued": "2026-01-20T21:35:13Z", "links": "https://access.redhat.com/security/cve/CVE-2025-15282 https://bugzilla.redhat.com/show_bug.cgi?id=2431366 https://www.cve.org/CVERecord?id=CVE-2025-15282 https://nvd.nist.gov/vuln/detail/CVE-2025-15282 https://github.com/python/cpython/issues/143925 https://github.com/python/cpython/pull/143926 https://mail.python.org/archives/list/security-announce@python.org/thread/X66HL7SISGJT33J53OHXMZT4DFLMHVKF/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-15282.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python3", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "3IgZDz5UYkhu/U1/4kSWKg==": { "id": "3IgZDz5UYkhu/U1/4kSWKg==", "updater": "rhel-vex", "name": "CVE-2021-25317", "description": "It was found that some Linux vendors may assign the ownership of the /var/log/cups directory to the `lp` user. This could allow an attacker with such privileges to create empty files in arbitrary locations, or to force arbitrary files to be opened and closed, using a symlink attack. This has a low impact on the integrity of the system.", "issued": "2021-04-29T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-25317 https://bugzilla.redhat.com/show_bug.cgi?id=1949119 https://www.cve.org/CVERecord?id=CVE-2021-25317 https://nvd.nist.gov/vuln/detail/CVE-2021-25317 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-25317.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "cups", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "3O4IzHXnRQMZXCe1gYATvw==": { "id": "3O4IzHXnRQMZXCe1gYATvw==", "updater": "rhel-vex", "name": "CVE-2026-22185", "description": "A flaw was found in OpenLDAP Lightning Memory-Mapped Database (LMDB) mdb_load. When processing malformed input, a local attacker can exploit a heap buffer underflow vulnerability in the readline() function. This can lead to an out-of-bounds read, potentially causing a denial of service (DoS) and limited disclosure of heap memory contents.", "issued": "2026-01-07T20:26:30Z", "links": "https://access.redhat.com/security/cve/CVE-2026-22185 https://bugzilla.redhat.com/show_bug.cgi?id=2427679 https://www.cve.org/CVERecord?id=CVE-2026-22185 https://nvd.nist.gov/vuln/detail/CVE-2026-22185 https://seclists.org/fulldisclosure/2026/Jan/5 https://seclists.org/fulldisclosure/2026/Jan/8 https://www.openldap.org/ https://www.vulncheck.com/advisories/openldap-lmdb-mdb-load-heap-buffer-underflow-in-readline https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-22185.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "openldap", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "4/mftydHpy90Umw3G0mTuQ==": { "id": "4/mftydHpy90Umw3G0mTuQ==", "updater": "rhel-vex", "name": "CVE-2018-1000879", "description": "libarchive version commit 379867ecb330b3a952fb7bfa7bffb7bbd5547205 onwards (release v3.3.0 onwards) contains a CWE-476: NULL Pointer Dereference vulnerability in ACL parser - libarchive/archive_acl.c, archive_acl_from_text_l() that can result in Crash/DoS. This attack appear to be exploitable via the victim must open a specially crafted archive file.", "issued": "2018-11-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2018-1000879 https://bugzilla.redhat.com/show_bug.cgi?id=1663890 https://www.cve.org/CVERecord?id=CVE-2018-1000879 https://nvd.nist.gov/vuln/detail/CVE-2018-1000879 https://security.access.redhat.com/data/csaf/v2/vex/2018/cve-2018-1000879.json", "severity": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libarchive", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "4JszZEguo/SAFbgp6PdKMQ==": { "id": "4JszZEguo/SAFbgp6PdKMQ==", "updater": "rhel-vex", "name": "CVE-2026-5773", "description": "A flaw was found in libcurl. Due to a logical error in the connection reuse mechanism for SMB (Server Message Block) transfers, libcurl might reuse an existing SMB connection with a different share than intended. This vulnerability, categorized as CWE-488 (Exposure of Data Element to Wrong Session), could lead to the download of an incorrect file or the upload of a file to an unintended location when an application uses libcurl for SMB transfers.", "issued": "2026-04-29T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-5773 https://bugzilla.redhat.com/show_bug.cgi?id=2461201 https://www.cve.org/CVERecord?id=CVE-2026-5773 https://nvd.nist.gov/vuln/detail/CVE-2026-5773 https://curl.se/docs/CVE-2026-5773.html https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-5773.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "curl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "5B1tQ2BK8z/YjRkYcvwqag==": { "id": "5B1tQ2BK8z/YjRkYcvwqag==", "updater": "rhel-vex", "name": "CVE-2019-19244", "description": "A flaw was found in the way SQLite handled certain types of SQL queries using DISTINCT, OVER and ORDER BY clauses. A remote attacker could exploit this flaw by providing a malicious SQL query that, when processed by an application linked to SQLite, would crash the application causing a denial of service.", "issued": "2019-11-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2019-19244 https://bugzilla.redhat.com/show_bug.cgi?id=1777945 https://www.cve.org/CVERecord?id=CVE-2019-19244 https://nvd.nist.gov/vuln/detail/CVE-2019-19244 https://security.access.redhat.com/data/csaf/v2/vex/2019/cve-2019-19244.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "sqlite", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "5ZHvcDYhgzWjwNpRgF2u1w==": { "id": "5ZHvcDYhgzWjwNpRgF2u1w==", "updater": "rhel-vex", "name": "CVE-2025-1795", "description": "A flaw was found in Python. When a separating comma ends up on a folded line during an address list folding of email headers, the comma is unintentionally unicode encoded. The expected behavior is that the separating comma remains unencoded. This can result in the address header being misinterpreted by some mail servers.", "issued": "2025-02-28T18:59:31Z", "links": "https://access.redhat.com/security/cve/CVE-2025-1795 https://bugzilla.redhat.com/show_bug.cgi?id=2349061 https://www.cve.org/CVERecord?id=CVE-2025-1795 https://nvd.nist.gov/vuln/detail/CVE-2025-1795 https://github.com/python/cpython/commit/09fab93c3d857496c0bd162797fab816c311ee48 https://github.com/python/cpython/commit/70754d21c288535e86070ca7a6e90dcb670b8593 https://github.com/python/cpython/commit/9148b77e0af91cdacaa7fe3dfac09635c3fe9a74 https://github.com/python/cpython/issues/100884 https://github.com/python/cpython/pull/100885 https://github.com/python/cpython/pull/119099 https://mail.python.org/archives/list/security-announce@python.org/thread/MB62IZMEC3UM6SGHP5LET5JX2Y7H4ZUR/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-1795.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "python3", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "5e3gC+KDeb36jTLxBYtijg==": { "id": "5e3gC+KDeb36jTLxBYtijg==", "updater": "rhel-vex", "name": "CVE-2026-41990", "description": "A flaw was found in Libgcrypt. During Dilithium signing operations, the library fails to perform a bounds check when writing to a static array. While the data involved is not directly controlled by an attacker, this vulnerability could lead to memory corruption, potentially resulting in a denial of service (DoS) or affecting data integrity.", "issued": "2026-04-23T04:39:04Z", "links": "https://access.redhat.com/security/cve/CVE-2026-41990 https://bugzilla.redhat.com/show_bug.cgi?id=2461068 https://www.cve.org/CVERecord?id=CVE-2026-41990 https://nvd.nist.gov/vuln/detail/CVE-2026-41990 https://dev.gnupg.org/T8208 https://lists.gnupg.org/pipermail/gnupg-announce/2026q2/000503.html https://www.openwall.com/lists/oss-security/2026/04/21/1 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-41990.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libgcrypt", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "619DQiII/+IW12e6tmtrxw==": { "id": "619DQiII/+IW12e6tmtrxw==", "updater": "rhel-vex", "name": "CVE-2026-6732", "description": "A flaw was found in libxml2. This vulnerability occurs when the library processes a specially crafted XML Schema Definition (XSD) validated document that includes an internal entity reference. An attacker could exploit this by providing a malicious document, leading to a type confusion error that causes the application to crash. This results in a denial of service (DoS), making the affected system or application unavailable.", "issued": "2026-04-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-6732 https://bugzilla.redhat.com/show_bug.cgi?id=2461300 https://www.cve.org/CVERecord?id=CVE-2026-6732 https://nvd.nist.gov/vuln/detail/CVE-2026-6732 https://gitlab.gnome.org/GNOME/libxml2/-/issues/1097 https://gitlab.gnome.org/GNOME/libxml2/-/merge_requests/411 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-6732.json", "severity": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libxml2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "673FKazcUiydbfN5c6amaw==": { "id": "673FKazcUiydbfN5c6amaw==", "updater": "rhel-vex", "name": "CVE-2020-19190", "description": "A flaw has been identified in the ncurses library. This issue occurs when processing a crafted terminfo database, causing a heap-based buffer overflow, resulting in an application crash.", "issued": "2019-05-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2020-19190 https://bugzilla.redhat.com/show_bug.cgi?id=2234923 https://www.cve.org/CVERecord?id=CVE-2020-19190 https://nvd.nist.gov/vuln/detail/CVE-2020-19190 https://security.access.redhat.com/data/csaf/v2/vex/2020/cve-2020-19190.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "ncurses", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "6Cqvzp5JbuVfHsuYnIJNFw==": { "id": "6Cqvzp5JbuVfHsuYnIJNFw==", "updater": "rhel-vex", "name": "CVE-2026-4438", "description": "A flaw was found in the GNU C library (glibc). When applications use the `gethostbyaddr` or `gethostbyaddr_r` functions with a `nsswitch.conf` configuration that specifies glibc's DNS backend, the library may return an invalid DNS hostname. This violates the DNS specification and could lead to applications receiving incorrect hostname information, potentially impacting network operations or security decisions.", "issued": "2026-03-20T19:59:06Z", "links": "https://access.redhat.com/security/cve/CVE-2026-4438 https://bugzilla.redhat.com/show_bug.cgi?id=2449783 https://www.cve.org/CVERecord?id=CVE-2026-4438 https://nvd.nist.gov/vuln/detail/CVE-2026-4438 https://sourceware.org/bugzilla/show_bug.cgi?id=34015 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-4438.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "glibc", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "6FQUI3OxX4C5skWXKgq80Q==": { "id": "6FQUI3OxX4C5skWXKgq80Q==", "updater": "rhel-vex", "name": "CVE-2023-0464", "description": "A security vulnerability has been identified in all supported OpenSSL versions related to verifying X.509 certificate chains that include policy constraints. This flaw allows attackers to exploit this vulnerability by creating a malicious certificate chain that triggers exponential use of computational resources, leading to a denial of service (DoS) attack on affected systems. Policy processing is disabled by default but can be enabled by passing the -policy' argument to the command line utilities or calling the X509_VERIFY_PARAM_set1_policies()' function.", "issued": "2023-03-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-0464 https://bugzilla.redhat.com/show_bug.cgi?id=2181082 https://www.cve.org/CVERecord?id=CVE-2023-0464 https://nvd.nist.gov/vuln/detail/CVE-2023-0464 https://www.openssl.org/news/secadv/20230322.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0464.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "6Xr5PbPGSy+aHLDQ9q4L9w==": { "id": "6Xr5PbPGSy+aHLDQ9q4L9w==", "updater": "rhel-vex", "name": "CVE-2026-1502", "description": "A flaw was found in Python. This vulnerability allows for the injection of extra information into HTTP communication. Specifically, the system does not properly prevent special characters (carriage return and line feed) from being included in HTTP client proxy tunnel headers or host fields.", "issued": "2026-04-10T17:54:44Z", "links": "https://access.redhat.com/security/cve/CVE-2026-1502 https://bugzilla.redhat.com/show_bug.cgi?id=2457409 https://www.cve.org/CVERecord?id=CVE-2026-1502 https://nvd.nist.gov/vuln/detail/CVE-2026-1502 https://github.com/python/cpython/commit/05ed7ce7ae9e17c23a04085b2539fe6d6d3cef69 https://github.com/python/cpython/issues/146211 https://github.com/python/cpython/pull/146212 https://mail.python.org/archives/list/security-announce@python.org/thread/2IVPAEQWUJBCTQZEJEVTYCIKSMQPGRZ3/ https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-1502.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python3", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "6p6EeZQEuYkK2CtO4ey3Ag==": { "id": "6p6EeZQEuYkK2CtO4ey3Ag==", "updater": "rhel-vex", "name": "CVE-2025-66293", "description": "An out of bounds read vulnerability has been discovered in libpng. This vulnerability is in libpng's simplified API allows reading up to 1012 bytes beyond the png_sRGB_base[512] array when processing valid palette PNG images with partial transparency and gamma correction. The PNG files that trigger this vulnerability are valid per the PNG specification; the bug is in libpng's internal state management.", "issued": "2025-12-03T20:33:57Z", "links": "https://access.redhat.com/security/cve/CVE-2025-66293 https://bugzilla.redhat.com/show_bug.cgi?id=2418711 https://www.cve.org/CVERecord?id=CVE-2025-66293 https://nvd.nist.gov/vuln/detail/CVE-2025-66293 https://github.com/pnggroup/libpng/commit/788a624d7387a758ffd5c7ab010f1870dea753a1 https://github.com/pnggroup/libpng/commit/a05a48b756de63e3234ea6b3b938b8f5f862484a https://github.com/pnggroup/libpng/issues/764 https://github.com/pnggroup/libpng/security/advisories/GHSA-9mpm-9pxh-mg4f https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-66293.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "java-17-openjdk", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "7Puka2o1jq4jSr2Hekrfhg==": { "id": "7Puka2o1jq4jSr2Hekrfhg==", "updater": "rhel-vex", "name": "CVE-2026-1757", "description": "A flaw was identified in the interactive shell of the xmllint utility, part of the libxml2 project, where memory allocated for user input is not properly released under certain conditions. When a user submits input consisting only of whitespace, the program skips command execution but fails to free the allocated buffer. Repeating this action causes memory to continuously accumulate. Over time, this can exhaust system memory and terminate the xmllint process, creating a denial-of-service condition on the local system.", "issued": "2026-02-02T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-1757 https://bugzilla.redhat.com/show_bug.cgi?id=2435940 https://www.cve.org/CVERecord?id=CVE-2026-1757 https://nvd.nist.gov/vuln/detail/CVE-2026-1757 https://gitlab.gnome.org/GNOME/libxml2/-/issues/1009 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-1757.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libxml2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "7lnphmrb/VojuhlikpNO5w==": { "id": "7lnphmrb/VojuhlikpNO5w==", "updater": "rhel-vex", "name": "CVE-2026-24401", "description": "A flaw was found in Avahi, a system that enables devices to discover services on a local network. A remote attacker can exploit this vulnerability by sending a specially crafted mDNS (multicast Domain Name System) response containing a recursive CNAME (Canonical Name) record. This triggers an uncontrolled recursion within the avahi-daemon process, leading to stack exhaustion and causing the service to crash. This results in a denial of service (DoS) for affected systems.", "issued": "2026-01-24T01:25:02Z", "links": "https://access.redhat.com/security/cve/CVE-2026-24401 https://bugzilla.redhat.com/show_bug.cgi?id=2432534 https://www.cve.org/CVERecord?id=CVE-2026-24401 https://nvd.nist.gov/vuln/detail/CVE-2026-24401 https://github.com/avahi/avahi/commit/78eab31128479f06e30beb8c1cbf99dd921e2524 https://github.com/avahi/avahi/issues/501 https://github.com/avahi/avahi/security/advisories/GHSA-h4vp-5m8j-f6w3 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-24401.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "avahi", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "86unVXyTxdffdcXWZTYw5g==": { "id": "86unVXyTxdffdcXWZTYw5g==", "updater": "rhel-vex", "name": "CVE-2023-0465", "description": "A flaw was found in OpenSSL. Applications that use a non-default option when verifying certificates may be vulnerable to an attack from a malicious CA to circumvent certain checks. OpenSSL and other certificate policy checks silently ignore invalid certificate policies in leaf certificates that are skipped for that certificate. A malicious CA could use this to deliberately assert invalid certificate policies to circumvent policy checking on the certificate altogether. Policy processing is disabled by default but can be enabled by passing the `-policy' argument to the command line utilities or by calling the `X509_VERIFY_PARAM_set1_policies()' function.", "issued": "2023-03-28T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-0465 https://bugzilla.redhat.com/show_bug.cgi?id=2182561 https://www.cve.org/CVERecord?id=CVE-2023-0465 https://nvd.nist.gov/vuln/detail/CVE-2023-0465 https://www.openssl.org/news/secadv/20230328.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0465.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "8D3i4K1ylUr5dGk9imV9zA==": { "id": "8D3i4K1ylUr5dGk9imV9zA==", "updater": "rhel-vex", "name": "CVE-2025-69420", "description": "A flaw was found in OpenSSL. A type confusion vulnerability exists in the TimeStamp Response verification code, where an ASN1_TYPE union member is accessed without proper type validation. A remote attacker can exploit this by providing a malformed TimeStamp Response to an application that verifies timestamp responses. This can lead to an invalid or NULL pointer dereference, resulting in a Denial of Service (DoS) due to an application crash.", "issued": "2026-01-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-69420 https://bugzilla.redhat.com/show_bug.cgi?id=2430388 https://www.cve.org/CVERecord?id=CVE-2025-69420 https://nvd.nist.gov/vuln/detail/CVE-2025-69420 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-69420.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "8I2jFG8JRR+6+eqqYlXhAg==": { "id": "8I2jFG8JRR+6+eqqYlXhAg==", "updater": "rhel-vex", "name": "CVE-2018-20225", "description": "A vulnerability was found in python-pip due to a flaw in the --extra-index-url option, where it installs the version with the highest version number, even if the user intended to obtain a private package from a private index. Exploitation requires that the package does not already exist in the public index, allowing an attacker to place the package there with an arbitrary version number.", "issued": "2020-04-28T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2018-20225 https://bugzilla.redhat.com/show_bug.cgi?id=1835736 https://www.cve.org/CVERecord?id=CVE-2018-20225 https://nvd.nist.gov/vuln/detail/CVE-2018-20225 https://cowlicks.website/posts/arbitrary-code-execution-from-pips-extra-index-url.html https://security.access.redhat.com/data/csaf/v2/vex/2018/cve-2018-20225.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "python-pip", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "8KJb4x3mXgChaQULEsid2A==": { "id": "8KJb4x3mXgChaQULEsid2A==", "updater": "rhel-vex", "name": "CVE-2025-15224", "description": "A flaw was found in libcurl. When doing SSH-based transfers using either SCP or SFTP, and asked to do\npublic key authentication, curl would wrongly still ask and authenticate using\na locally running SSH agent.", "issued": "2026-01-07T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-15224 https://bugzilla.redhat.com/show_bug.cgi?id=2426410 https://www.cve.org/CVERecord?id=CVE-2025-15224 https://nvd.nist.gov/vuln/detail/CVE-2025-15224 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-15224.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "curl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "8Sec+JvKiQWGqYCOBdZhjg==": { "id": "8Sec+JvKiQWGqYCOBdZhjg==", "updater": "rhel-vex", "name": "CVE-2025-5918", "description": "A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.", "issued": "2025-05-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-5918 https://bugzilla.redhat.com/show_bug.cgi?id=2370877 https://www.cve.org/CVERecord?id=CVE-2025-5918 https://nvd.nist.gov/vuln/detail/CVE-2025-5918 https://github.com/libarchive/libarchive/pull/2584 https://github.com/libarchive/libarchive/releases/tag/v3.8.0 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-5918.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libarchive", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "8TgjbHNGzIFm7/fF9DBU7Q==": { "id": "8TgjbHNGzIFm7/fF9DBU7Q==", "updater": "rhel-vex", "name": "CVE-2026-34757", "description": "A flaw was found in libpng, a library used for handling PNG (Portable Network Graphics) image files. This vulnerability arises when an application reuses a pointer, previously obtained from functions like png_get_PLTE, by passing it back to a corresponding setter function within the same image structure. This action causes the setter to access memory that has already been deallocated, leading to a use-after-free condition. A local attacker could potentially exploit this flaw to corrupt image metadata or disclose sensitive information from the application's memory.", "issued": "2026-04-09T14:41:18Z", "links": "https://access.redhat.com/security/cve/CVE-2026-34757 https://bugzilla.redhat.com/show_bug.cgi?id=2456918 https://www.cve.org/CVERecord?id=CVE-2026-34757 https://nvd.nist.gov/vuln/detail/CVE-2026-34757 https://github.com/pnggroup/libpng/commit/398cbe3df03f4e11bb031e07f416dfdde3684e8a https://github.com/pnggroup/libpng/commit/55d20aaa322c9274491cda82c5cd4f99b48c6bcc https://github.com/pnggroup/libpng/issues/836 https://github.com/pnggroup/libpng/issues/837 https://github.com/pnggroup/libpng/security/advisories/GHSA-6fr7-g8h7-v645 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-34757.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "java-17-openjdk", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "8ZxbhBIT+9Mj99/XbMpLSQ==": { "id": "8ZxbhBIT+9Mj99/XbMpLSQ==", "updater": "rhel-vex", "name": "CVE-2024-0232", "description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", "issued": "2023-10-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-0232 https://bugzilla.redhat.com/show_bug.cgi?id=2243754 https://www.cve.org/CVERecord?id=CVE-2024-0232 https://nvd.nist.gov/vuln/detail/CVE-2024-0232 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-0232.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "sqlite", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "8qOJVWAut1+UqTXPOWH12g==": { "id": "8qOJVWAut1+UqTXPOWH12g==", "updater": "rhel-vex", "name": "CVE-2025-8291", "description": "A zip file handling flaw has been discovered in the python standard library `zipfile` module. The 'zipfile' module would not check the validity of the ZIP64 End of Central Directory (EOCD) Locator record offset value would not be used to locate the ZIP64 EOCD record, instead the ZIP64 EOCD record would be assumed to be the previous record in the ZIP archive. This could be abused to create ZIP archives that are handled differently by the 'zipfile' module compared to other ZIP implementations.", "issued": "2025-10-07T18:10:05Z", "links": "https://access.redhat.com/security/cve/CVE-2025-8291 https://bugzilla.redhat.com/show_bug.cgi?id=2402342 https://www.cve.org/CVERecord?id=CVE-2025-8291 https://nvd.nist.gov/vuln/detail/CVE-2025-8291 https://github.com/python/cpython/commit/162997bb70e067668c039700141770687bc8f267 https://github.com/python/cpython/commit/333d4a6f4967d3ace91492a39ededbcf3faa76a6 https://github.com/python/cpython/issues/139700 https://github.com/python/cpython/pull/139702 https://mail.python.org/archives/list/security-announce@python.org/thread/QECOPWMTH4VPPJAXAH2BGTA4XADOP62G/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-8291.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python3", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "8rvqTFlh9aOz4UvxQN0SBQ==": { "id": "8rvqTFlh9aOz4UvxQN0SBQ==", "updater": "rhel-vex", "name": "CVE-2026-3479", "description": "A flaw was found in Python's `pkgutil.get_data()` function, which is used to retrieve data from packages. This function did not properly validate the `resource` argument, allowing a local attacker to perform path traversal attacks. Path traversal enables an attacker to access files and directories stored outside the intended root directory, potentially leading to information disclosure or unintended file access.", "issued": "2026-03-18T18:13:42Z", "links": "https://access.redhat.com/security/cve/CVE-2026-3479 https://bugzilla.redhat.com/show_bug.cgi?id=2448746 https://www.cve.org/CVERecord?id=CVE-2026-3479 https://nvd.nist.gov/vuln/detail/CVE-2026-3479 https://github.com/python/cpython/issues/146121 https://github.com/python/cpython/pull/146122 https://mail.python.org/archives/list/security-announce@python.org/thread/WYLLVQOOCKGK73JM7Z7ZSNOJC4N7BAWY/ https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-3479.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "python3", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "8rxYDEPu2XxazQ3cBUhX0Q==": { "id": "8rxYDEPu2XxazQ3cBUhX0Q==", "updater": "rhel-vex", "name": "CVE-2019-9923", "description": "pax_decode_header in sparse.c in GNU Tar before 1.32 had a NULL pointer dereference when parsing certain archives that have malformed extended headers.", "issued": "2019-01-02T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2019-9923 https://bugzilla.redhat.com/show_bug.cgi?id=1691764 https://www.cve.org/CVERecord?id=CVE-2019-9923 https://nvd.nist.gov/vuln/detail/CVE-2019-9923 https://security.access.redhat.com/data/csaf/v2/vex/2019/cve-2019-9923.json", "severity": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "tar", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "92KuvWwbPhsQNPu0knrHAQ==": { "id": "92KuvWwbPhsQNPu0knrHAQ==", "updater": "rhel-vex", "name": "CVE-2025-6170", "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", "issued": "2025-06-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-6170 https://bugzilla.redhat.com/show_bug.cgi?id=2372952 https://www.cve.org/CVERecord?id=CVE-2025-6170 https://nvd.nist.gov/vuln/detail/CVE-2025-6170 https://gitlab.gnome.org/GNOME/libxml2/-/issues/941 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-6170.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libxml2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "97PwDrD8knMveLXwKCvQjA==": { "id": "97PwDrD8knMveLXwKCvQjA==", "updater": "rhel-vex", "name": "CVE-2026-22795", "description": "A flaw was found in OpenSSL. This type confusion vulnerability allows a remote attacker to cause a Denial of Service (DoS) by tricking a user or application into processing a maliciously crafted PKCS#12 (Personal Information Exchange Syntax Standard) file. The vulnerability leads to an invalid or NULL pointer dereference, resulting in an application crash.", "issued": "2026-01-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-22795 https://bugzilla.redhat.com/show_bug.cgi?id=2430389 https://www.cve.org/CVERecord?id=CVE-2026-22795 https://nvd.nist.gov/vuln/detail/CVE-2026-22795 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-22795.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "9ZCmRufeuC0TKSSi9pcU6g==": { "id": "9ZCmRufeuC0TKSSi9pcU6g==", "updater": "rhel-vex", "name": "CVE-2026-41079", "description": "A flaw was found in CUPS. A network-adjacent attacker can send a specially crafted Simple Network Management Protocol (SNMP) response to the CUPS SNMP backend, leading to an out-of-bounds read. This vulnerability allows for the disclosure of up to 176 bytes of sensitive memory, which is then converted and stored as printer supply description strings. Authenticated users can subsequently view this leaked information through IPP Get-Printer-Attributes responses and the CUPS web interface.", "issued": "2026-04-24T16:54:38Z", "links": "https://access.redhat.com/security/cve/CVE-2026-41079 https://bugzilla.redhat.com/show_bug.cgi?id=2461611 https://www.cve.org/CVERecord?id=CVE-2026-41079 https://nvd.nist.gov/vuln/detail/CVE-2026-41079 https://github.com/OpenPrinting/cups/commit/b7c2525a885f528d243c3a92197ca99609b3f080 https://github.com/OpenPrinting/cups/commit/d7fe0f521ff3b24676511e747b058362b9a20737 https://github.com/OpenPrinting/cups/security/advisories/GHSA-6wpw-g8g6-wvrv https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-41079.json", "severity": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "cups", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "9jHXNtwzqlOir/Op7pd9+w==": { "id": "9jHXNtwzqlOir/Op7pd9+w==", "updater": "rhel-vex", "name": "CVE-2025-68276", "description": "A flaw was found in Avahi, a system that facilitates service discovery on a local network. An unprivileged local user can exploit this vulnerability by creating record browsers with the AVAHI_LOOKUP_USE_WIDE_AREA flag set via D-Bus. This can lead to a Denial of Service (DoS) by crashing the avahi-daemon, making the service unavailable.", "issued": "2026-01-12T17:31:49Z", "links": "https://access.redhat.com/security/cve/CVE-2025-68276 https://bugzilla.redhat.com/show_bug.cgi?id=2428713 https://www.cve.org/CVERecord?id=CVE-2025-68276 https://nvd.nist.gov/vuln/detail/CVE-2025-68276 https://github.com/avahi/avahi/commit/ede7048475c5d47d53890e3bc1350dda8e0b3688 https://github.com/avahi/avahi/pull/806 https://github.com/avahi/avahi/security/advisories/GHSA-mhf3-865v-g5rc https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-68276.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "avahi", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "9oBjtBiHtz7+Hwc4swPaAw==": { "id": "9oBjtBiHtz7+Hwc4swPaAw==", "updater": "rhel-vex", "name": "CVE-2026-34979", "description": "A flaw was found in OpenPrinting CUPS. A remote attacker could exploit a heap-based buffer overflow by sending specially crafted job attributes when building filter option strings. This could lead to a denial of service, making the printing system unavailable.", "issued": "2026-04-03T21:16:38Z", "links": "https://access.redhat.com/security/cve/CVE-2026-34979 https://bugzilla.redhat.com/show_bug.cgi?id=2454946 https://www.cve.org/CVERecord?id=CVE-2026-34979 https://nvd.nist.gov/vuln/detail/CVE-2026-34979 https://github.com/OpenPrinting/cups/security/advisories/GHSA-6qxf-7jx6-86fh https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-34979.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "cups", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "9uK7ZDYgFtqP786n0QunAg==": { "id": "9uK7ZDYgFtqP786n0QunAg==", "updater": "rhel-vex", "name": "CVE-2023-39804", "description": "A flaw was found in tar. This issue occurs when extended attributes are processed in PAX archives, and could allow an attacker to cause an application crash, resulting in a denial of service.", "issued": "2023-12-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-39804 https://bugzilla.redhat.com/show_bug.cgi?id=2254067 https://www.cve.org/CVERecord?id=CVE-2023-39804 https://nvd.nist.gov/vuln/detail/CVE-2023-39804 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-39804.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "tar", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "9zRC9UwUH2bQs1UcHQ5UTQ==": { "id": "9zRC9UwUH2bQs1UcHQ5UTQ==", "updater": "rhel-vex", "name": "CVE-2019-9937", "description": "In SQLite 3.27.2, interleaving reads and writes in a single transaction with an fts5 virtual table will lead to a NULL Pointer Dereference in fts5ChunkIterate in sqlite3.c. This is related to ext/fts5/fts5_hash.c and ext/fts5/fts5_index.c.", "issued": "2019-03-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2019-9937 https://bugzilla.redhat.com/show_bug.cgi?id=1692357 https://www.cve.org/CVERecord?id=CVE-2019-9937 https://nvd.nist.gov/vuln/detail/CVE-2019-9937 https://security.access.redhat.com/data/csaf/v2/vex/2019/cve-2019-9937.json", "severity": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "sqlite", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "A1UDSDMkPKOSx7ma/geQyg==": { "id": "A1UDSDMkPKOSx7ma/geQyg==", "updater": "rhel-vex", "name": "CVE-2025-68468", "description": "A flaw was found in Avahi. A remote attacker can cause a Denial of Service (DoS) by sending specially crafted unsolicited announcements containing CNAME resource records. These records, when pointing to other resource records with short Time-To-Live (TTL) values, can lead to the `avahi-daemon` crashing once they expire. This vulnerability impacts the availability of services relying on Avahi's service discovery.", "issued": "2026-01-12T17:38:10Z", "links": "https://access.redhat.com/security/cve/CVE-2025-68468 https://bugzilla.redhat.com/show_bug.cgi?id=2428714 https://www.cve.org/CVERecord?id=CVE-2025-68468 https://nvd.nist.gov/vuln/detail/CVE-2025-68468 https://github.com/avahi/avahi/commit/f66be13d7f31a3ef806d226bf8b67240179d309a https://github.com/avahi/avahi/issues/683 https://github.com/avahi/avahi/security/advisories/GHSA-cp79-r4x9-vf52 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-68468.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "avahi", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "AE8Cp1u8I9t52OYW7oGU4w==": { "id": "AE8Cp1u8I9t52OYW7oGU4w==", "updater": "rhel-vex", "name": "CVE-2024-57970", "description": "A flaw was found in the libarchive library. A specially-crafted tar file may trigger a head-based buffer over-read condition due to incorrect handling of truncation in the middle of a long GNU linkname. This issue can cause an application crash leading to a denial of service.", "issued": "2025-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-57970 https://bugzilla.redhat.com/show_bug.cgi?id=2345954 https://www.cve.org/CVERecord?id=CVE-2024-57970 https://nvd.nist.gov/vuln/detail/CVE-2024-57970 https://github.com/libarchive/libarchive/issues/2415 https://github.com/libarchive/libarchive/pull/2422 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-57970.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "libarchive", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "AZQ9MHTiNLYiRU7sYZlVGw==": { "id": "AZQ9MHTiNLYiRU7sYZlVGw==", "updater": "rhel-vex", "name": "CVE-2022-4899", "description": "A vulnerability was found in zstd. This flaw allows an attacker to supply an empty string as an argument to the command line tool to cause a buffer overrun.", "issued": "2022-07-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-4899 https://bugzilla.redhat.com/show_bug.cgi?id=2179864 https://www.cve.org/CVERecord?id=CVE-2022-4899 https://nvd.nist.gov/vuln/detail/CVE-2022-4899 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-4899.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "zstd", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "B5eXEM8SeidgdpzXoFJFGQ==": { "id": "B5eXEM8SeidgdpzXoFJFGQ==", "updater": "rhel-vex", "name": "CVE-2026-33636", "description": "A flaw was found in libpng. A remote attacker could exploit an out-of-bounds read and write vulnerability in the ARM/AArch64 Neon-optimized palette expansion path. This occurs when processing a final partial chunk of 8-bit paletted rows without verifying sufficient input pixels, leading to dereferencing pointers before the start of the row buffer and writing expanded pixel data to underflowed positions. This flaw can result in information disclosure and denial of service.", "issued": "2026-03-26T16:51:58Z", "links": "https://access.redhat.com/security/cve/CVE-2026-33636 https://bugzilla.redhat.com/show_bug.cgi?id=2451819 https://www.cve.org/CVERecord?id=CVE-2026-33636 https://nvd.nist.gov/vuln/detail/CVE-2026-33636 https://github.com/pnggroup/libpng/commit/7734cda20cf1236aef60f3bbd2267c97bbb40869 https://github.com/pnggroup/libpng/commit/aba9f18eba870d14fb52c5ba5d73451349e339c3 https://github.com/pnggroup/libpng/security/advisories/GHSA-wjr5-c57x-95m2 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-33636.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "java-17-openjdk", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "BV++s35Ur4bQRS6HK0QCIA==": { "id": "BV++s35Ur4bQRS6HK0QCIA==", "updater": "rhel-vex", "name": "CVE-2026-31789", "description": "A flaw was found in OpenSSL. This vulnerability, a heap buffer overflow, affects 32-bit systems when processing an unusually large X.509 certificate. If an application or service attempts to print or log such a specially crafted certificate, it could lead to a system crash or potentially allow an attacker to execute arbitrary code. This issue is considered low severity due to the specific conditions required for exploitation, including the need for an extremely large certificate and a 32-bit operating environment.", "issued": "2026-04-07T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-31789 https://bugzilla.redhat.com/show_bug.cgi?id=2451095 https://www.cve.org/CVERecord?id=CVE-2026-31789 https://nvd.nist.gov/vuln/detail/CVE-2026-31789 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-31789.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "Bgew407C4GMDdNe8dNeN7w==": { "id": "Bgew407C4GMDdNe8dNeN7w==", "updater": "rhel-vex", "name": "CVE-2024-52615", "description": "A flaw was found in Avahi-daemon, which relies on fixed source ports for wide-area DNS queries. This issue simplifies attacks where malicious DNS responses are injected.", "issued": "2024-11-15T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-52615 https://bugzilla.redhat.com/show_bug.cgi?id=2326418 https://www.cve.org/CVERecord?id=CVE-2024-52615 https://nvd.nist.gov/vuln/detail/CVE-2024-52615 https://github.com/avahi/avahi/pull/577 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-52615.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "avahi", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "BooDzA4nzaDI1l3E5zAHgg==": { "id": "BooDzA4nzaDI1l3E5zAHgg==", "updater": "rhel-vex", "name": "CVE-2021-3997", "description": "A flaw was found in systemd. An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.", "issued": "2022-01-10T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-3997 https://bugzilla.redhat.com/show_bug.cgi?id=2024639 https://www.cve.org/CVERecord?id=CVE-2021-3997 https://nvd.nist.gov/vuln/detail/CVE-2021-3997 https://www.openwall.com/lists/oss-security/2022/01/10/2 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-3997.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "systemd", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "Cz+nwSXEXv91W0XvZNqCqw==": { "id": "Cz+nwSXEXv91W0XvZNqCqw==", "updater": "rhel-vex", "name": "CVE-2026-5435", "description": "A flaw was found in glibc, the GNU C Library. Specifically, deprecated functions responsible for printing TSIG (Transaction Signature) records fail to properly manage memory buffers. This oversight can lead to an out-of-bounds write when processing specially crafted TSIG records. An attacker could exploit this to cause a denial of service or potentially execute arbitrary code.", "issued": "2026-04-28T11:58:54Z", "links": "https://access.redhat.com/security/cve/CVE-2026-5435 https://bugzilla.redhat.com/show_bug.cgi?id=2463465 https://www.cve.org/CVERecord?id=CVE-2026-5435 https://nvd.nist.gov/vuln/detail/CVE-2026-5435 https://inbox.sourceware.org/libc-announce/7a655d55-276f-41fe-b550-feb3ebb2ce91@redhat.com/T/#u https://sourceware.org/bugzilla/show_bug.cgi?id=34033 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-5435.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "DDWmqlxBSfXi2KJJ5mwTNg==": { "id": "DDWmqlxBSfXi2KJJ5mwTNg==", "updater": "rhel-vex", "name": "CVE-2025-60753", "description": "A vulnerability in apply_substitution() function in libarchive's bsdtar allows crafted -s substitution rules to repeatedly match a zero-length substring and append replacements without advancing the input pointer. When the rule uses the global /g flag (or an explicitly empty pattern), this leads to unbounded output allocation and eventual process OOM (Denial of Service). Upgrade to libarchive 3.8.1 or apply a patch that prevents zero-length match loops or rejects empty patterns.", "issued": "2025-11-05T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-60753 https://bugzilla.redhat.com/show_bug.cgi?id=2412648 https://www.cve.org/CVERecord?id=CVE-2025-60753 https://nvd.nist.gov/vuln/detail/CVE-2025-60753 https://github.com/Papya-j/CVE/tree/main/CVE-2025-60753 https://github.com/libarchive/libarchive/issues/2725 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-60753.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libarchive", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "EKs36DFwHVCzU/cF0Be9pQ==": { "id": "EKs36DFwHVCzU/cF0Be9pQ==", "updater": "rhel-vex", "name": "CVE-2023-29499", "description": "A flaw was found in GLib. GVariant deserialization fails to validate that the input conforms to the expected format, leading to denial of service.", "issued": "2022-12-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-29499 https://bugzilla.redhat.com/show_bug.cgi?id=2211828 https://www.cve.org/CVERecord?id=CVE-2023-29499 https://nvd.nist.gov/vuln/detail/CVE-2023-29499 https://gitlab.gnome.org/GNOME/glib/-/issues/2794 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-29499.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "glib2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "EQ4eP3gKo3y8JsWUiWr6+g==": { "id": "EQ4eP3gKo3y8JsWUiWr6+g==", "updater": "rhel-vex", "name": "CVE-2018-1000880", "description": "libarchive version commit 9693801580c0cf7c70e862d305270a16b52826a7 onwards (release v3.2.0 onwards) contains a CWE-20: Improper Input Validation vulnerability in WARC parser - libarchive/archive_read_support_format_warc.c, _warc_read() that can result in DoS - quasi-infinite run time and disk usage from tiny file. This attack appear to be exploitable via the victim must open a specially crafted WARC file.", "issued": "2018-11-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2018-1000880 https://bugzilla.redhat.com/show_bug.cgi?id=1663892 https://www.cve.org/CVERecord?id=CVE-2018-1000880 https://nvd.nist.gov/vuln/detail/CVE-2018-1000880 https://security.access.redhat.com/data/csaf/v2/vex/2018/cve-2018-1000880.json", "severity": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libarchive", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "EiJx6rOT8KoLX+Wu7/N6HQ==": { "id": "EiJx6rOT8KoLX+Wu7/N6HQ==", "updater": "rhel-vex", "name": "CVE-2025-27113", "description": "A flaw was found in libxml2. This vulnerability allows a NULL pointer dereference, leading to a potential crash or denial of service via a crafted XML pattern.", "issued": "2025-02-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-27113 https://bugzilla.redhat.com/show_bug.cgi?id=2346410 https://www.cve.org/CVERecord?id=CVE-2025-27113 https://nvd.nist.gov/vuln/detail/CVE-2025-27113 https://gitlab.gnome.org/GNOME/libxml2/-/issues/861 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-27113.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libxml2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "EiL50P2QSOoRA18XAAH6Pg==": { "id": "EiL50P2QSOoRA18XAAH6Pg==", "updater": "rhel-vex", "name": "CVE-2023-32665", "description": "A flaw was found in GLib. GVariant deserialization is vulnerable to an exponential blowup issue where a crafted GVariant can cause excessive processing, leading to denial of service.", "issued": "2022-12-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-32665 https://bugzilla.redhat.com/show_bug.cgi?id=2211827 https://www.cve.org/CVERecord?id=CVE-2023-32665 https://nvd.nist.gov/vuln/detail/CVE-2023-32665 https://gitlab.gnome.org/GNOME/glib/-/issues/2121 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-32665.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "glib2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "ElIjMFAz33tt/XVMysRkdA==": { "id": "ElIjMFAz33tt/XVMysRkdA==", "updater": "rhel-vex", "name": "CVE-2026-0988", "description": "A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. This can cause application crashes, leading to a Denial of Service (DoS).", "issued": "2026-01-15T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-0988 https://bugzilla.redhat.com/show_bug.cgi?id=2429886 https://www.cve.org/CVERecord?id=CVE-2026-0988 https://nvd.nist.gov/vuln/detail/CVE-2026-0988 https://gitlab.gnome.org/GNOME/glib/-/issues/3851 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-0988.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "glib2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "Elb2DrZLO9/IaIc7rSPVUg==": { "id": "Elb2DrZLO9/IaIc7rSPVUg==", "updater": "rhel-vex", "name": "CVE-2026-40355", "description": "A flaw was found in MIT Kerberos 5 (krb5). An unauthenticated remote attacker can exploit a NULL pointer dereference vulnerability by calling `gss_accept_sec_context()` on a system with a NegoEx mechanism registered. This can lead to the termination of the process, resulting in a Denial of Service (DoS).", "issued": "2026-04-28T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-40355 https://bugzilla.redhat.com/show_bug.cgi?id=2463370 https://www.cve.org/CVERecord?id=CVE-2026-40355 https://nvd.nist.gov/vuln/detail/CVE-2026-40355 https://cems.fun/2026/04/27/krb5-two-unauthenticated-network-vulnerabilities.html https://github.com/krb5/krb5/commit/2e75f0d9362fb979f5fc92829431a590a130929f https://web.mit.edu/kerberos/advisories/ https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-40355.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "krb5", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "FkRDB0vpJYeh2ipqLS0/Iw==": { "id": "FkRDB0vpJYeh2ipqLS0/Iw==", "updater": "rhel-vex", "name": "CVE-2025-28164", "description": "A flaw was found in libpng. This buffer overflow vulnerability allows a local attacker to cause a denial of service (DoS) by exploiting the `png_create_read_struct()` function. This can lead to the affected system becoming unresponsive or crashing.", "issued": "2026-01-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-28164 https://bugzilla.redhat.com/show_bug.cgi?id=2433398 https://www.cve.org/CVERecord?id=CVE-2025-28164 https://nvd.nist.gov/vuln/detail/CVE-2025-28164 https://gist.github.com/kittener/506516f8c22178005b4379c8b2a7de20 https://github.com/pnggroup/libpng/issues/655 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-28164.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "java-17-openjdk", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "Fp999hDC/lucBsNHwOlp/A==": { "id": "Fp999hDC/lucBsNHwOlp/A==", "updater": "rhel-vex", "name": "CVE-2024-13176", "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.", "issued": "2025-01-20T13:29:57Z", "links": "https://access.redhat.com/security/cve/CVE-2024-13176 https://bugzilla.redhat.com/show_bug.cgi?id=2338999 https://www.cve.org/CVERecord?id=CVE-2024-13176 https://nvd.nist.gov/vuln/detail/CVE-2024-13176 https://www.oracle.com/security-alerts/cpuapr2025.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-13176.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "G7IyfoPhe9f8QzIGbOfn7Q==": { "id": "G7IyfoPhe9f8QzIGbOfn7Q==", "updater": "rhel-vex", "name": "CVE-2023-45322", "description": "A flaw was found in libxml2. In an out-of-memory condition or when limiting the memory allocation, processing a XML document using the HTML parser may result in a use-after-free vulnerability.", "issued": "2023-08-23T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-45322 https://bugzilla.redhat.com/show_bug.cgi?id=2242945 https://www.cve.org/CVERecord?id=CVE-2023-45322 https://nvd.nist.gov/vuln/detail/CVE-2023-45322 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45322.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "libxml2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "H2CablNBrQ/I5AsUjk5xyw==": { "id": "H2CablNBrQ/I5AsUjk5xyw==", "updater": "rhel-vex", "name": "CVE-2018-20839", "description": "systemd 242 changes the VT1 mode upon a logout, which allows attackers to read cleartext passwords in certain circumstances, such as watching a shutdown, or using Ctrl-Alt-F1 and Ctrl-Alt-F2. This occurs because the KDGKBMODE (aka current keyboard mode) check is mishandled.", "issued": "2019-05-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2018-20839 https://bugzilla.redhat.com/show_bug.cgi?id=1716955 https://www.cve.org/CVERecord?id=CVE-2018-20839 https://nvd.nist.gov/vuln/detail/CVE-2018-20839 https://security.access.redhat.com/data/csaf/v2/vex/2018/cve-2018-20839.json", "severity": "CVSS:3.0/AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "systemd", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "H9Ud41wofJc/QlL6Rm7WkA==": { "id": "H9Ud41wofJc/QlL6Rm7WkA==", "updater": "rhel-vex", "name": "CVE-2026-0968", "description": "A flaw was found in libssh in which a malicious SFTP (SSH File Transfer Protocol) server can exploit this by sending a malformed 'longname' field within an `SSH_FXP_NAME` message during a file listing operation. This missing null check can lead to reading beyond allocated memory on the heap. This can cause unexpected behavior or lead to a denial of service (DoS) due to application crashes.", "issued": "2026-02-10T18:46:58Z", "links": "https://access.redhat.com/security/cve/CVE-2026-0968 https://bugzilla.redhat.com/show_bug.cgi?id=2436982 https://www.cve.org/CVERecord?id=CVE-2026-0968 https://nvd.nist.gov/vuln/detail/CVE-2026-0968 https://www.libssh.org/2026/02/10/libssh-0-12-0-and-0-11-4-security-releases/ https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-0968.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libssh", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "HB9r/GLycEmk6aXttwtBlw==": { "id": "HB9r/GLycEmk6aXttwtBlw==", "updater": "rhel-vex", "name": "CVE-2025-11468", "description": "Missing character filtering has been discovered in Python. When folding a long comment in an email header containing exclusively unfoldable characters, the parenthesis would not be preserved. This could be used for injecting headers into email messages where addresses are user-controlled and not sanitized.", "issued": "2026-01-20T21:09:11Z", "links": "https://access.redhat.com/security/cve/CVE-2025-11468 https://bugzilla.redhat.com/show_bug.cgi?id=2431375 https://www.cve.org/CVERecord?id=CVE-2025-11468 https://nvd.nist.gov/vuln/detail/CVE-2025-11468 https://github.com/python/cpython/issues/143935 https://github.com/python/cpython/pull/143936 https://mail.python.org/archives/list/security-announce@python.org/thread/FELSEOLBI2QR6YLG6Q7VYF7FWSGQTKLI/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-11468.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python3", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "HKrLnQyTw1292mNt3MQ0aQ==": { "id": "HKrLnQyTw1292mNt3MQ0aQ==", "updater": "rhel-vex", "name": "CVE-2024-7592", "description": "A flaw was found in the `http.cookies` module in the Python package. When parsing cookies that contain backslashes, under certain circumstances, the module uses an algorithm with quadratic complexity, leading to excessive CPU consumption.", "issued": "2024-08-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-7592 https://bugzilla.redhat.com/show_bug.cgi?id=2305879 https://www.cve.org/CVERecord?id=CVE-2024-7592 https://nvd.nist.gov/vuln/detail/CVE-2024-7592 https://github.com/python/cpython/issues/123067 https://github.com/python/cpython/pull/123075 https://mail.python.org/archives/list/security-announce@python.org/thread/HXJAAAALNUNGCQUS2W7WR6GFIZIHFOOK/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7592.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "python3", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "HNpGGr9eP5twQKC3yCh1mA==": { "id": "HNpGGr9eP5twQKC3yCh1mA==", "updater": "rhel-vex", "name": "CVE-2025-5915", "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", "issued": "2025-05-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-5915 https://bugzilla.redhat.com/show_bug.cgi?id=2370865 https://www.cve.org/CVERecord?id=CVE-2025-5915 https://nvd.nist.gov/vuln/detail/CVE-2025-5915 https://github.com/libarchive/libarchive/pull/2599 https://github.com/libarchive/libarchive/releases/tag/v3.8.0 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-5915.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "libarchive", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "HTk+AAyRWNCrZTtBLx34Aw==": { "id": "HTk+AAyRWNCrZTtBLx34Aw==", "updater": "rhel-vex", "name": "CVE-2024-25260", "description": "A NULL pointer dereference vulnerability in the elfutils library has been discovered. This vulnerability occurs within the handle_verdef() function in the readelf.c source file. A NULL pointer dereference typically happens when a program attempts to access memory using a pointer that is not pointing anywhere (i.e., it's NULL), leading to a crash or potentially exploitable behavior.", "issued": "2024-02-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-25260 https://bugzilla.redhat.com/show_bug.cgi?id=2265194 https://www.cve.org/CVERecord?id=CVE-2024-25260 https://nvd.nist.gov/vuln/detail/CVE-2024-25260 https://github.com/schsiung/fuzzer_issues/issues/1 https://sourceware.org/bugzilla/show_bug.cgi?id=31058 https://sourceware.org/elfutils/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-25260.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "elfutils", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "HdAyLUATPStr/HXiy9fgQw==": { "id": "HdAyLUATPStr/HXiy9fgQw==", "updater": "rhel-vex", "name": "CVE-2026-0990", "description": "A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI function when an XML catalog contains a delegate URI entry that references itself. A remote attacker could exploit this configuration-dependent issue by providing a specially crafted XML catalog, leading to infinite recursion and call stack exhaustion. This ultimately results in a segmentation fault, causing a Denial of Service (DoS) by crashing affected applications.", "issued": "2026-01-15T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-0990 https://bugzilla.redhat.com/show_bug.cgi?id=2429959 https://www.cve.org/CVERecord?id=CVE-2026-0990 https://nvd.nist.gov/vuln/detail/CVE-2026-0990 https://gitlab.gnome.org/GNOME/libxml2/-/issues/1018 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-0990.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libxml2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "HuLJLN6ajygY/CpLyzV5lw==": { "id": "HuLJLN6ajygY/CpLyzV5lw==", "updater": "rhel-vex", "name": "CVE-2023-45803", "description": "A flaw was found in urllib3, an HTTP client library for Python. urllib3 doesn't remove the HTTP request body when an HTTP redirect response using status 301, 302, or 303, after changing the method in a request from one that could accept a request body such as `POST` to `GET`, as is required by HTTP RFCs. This issue requires a previously trusted service to become compromised in order to have an impact on confidentiality, therefore, the exploitability of this vulnerability is low. Additionally, many users aren't putting sensitive data in HTTP request bodies; if this is the case, this vulnerability isn't exploitable.", "issued": "2023-10-13T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-45803 https://bugzilla.redhat.com/show_bug.cgi?id=2246840 https://www.cve.org/CVERecord?id=CVE-2023-45803 https://nvd.nist.gov/vuln/detail/CVE-2023-45803 https://github.com/urllib3/urllib3/commit/4e98d57809dacab1cbe625fddeec1a290c478ea9 https://github.com/urllib3/urllib3/security/advisories/GHSA-g4mx-q9vg-27p4 https://www.rfc-editor.org/rfc/rfc9110.html#name-get https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45803.json", "severity": "CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python-pip", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "HuOxI+pWjgGV0XsBvltzlg==": { "id": "HuOxI+pWjgGV0XsBvltzlg==", "updater": "rhel-vex", "name": "CVE-2020-19187", "description": "A flaw was found in the ncurses library. This issue occurs when processing a crafted terminfo database, causing a heap-based buffer overflow, resulting in an application crash, leading to a denial of service.", "issued": "2019-05-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2020-19187 https://bugzilla.redhat.com/show_bug.cgi?id=2234911 https://www.cve.org/CVERecord?id=CVE-2020-19187 https://nvd.nist.gov/vuln/detail/CVE-2020-19187 https://security.access.redhat.com/data/csaf/v2/vex/2020/cve-2020-19187.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "ncurses", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "I31WPu2ZGWOsqloSJfE2Fg==": { "id": "I31WPu2ZGWOsqloSJfE2Fg==", "updater": "rhel-vex", "name": "CVE-2026-25646", "description": "A heap based buffer overflow flaw has been discovered in LibPNG. Prior to version 1.6.55, an out-of-bounds read vulnerability exists in the png_set_quantize() API function. When the function is called with no histogram and the number of colors in the palette is more than twice the maximum supported by the user's display, certain palettes will cause the function to enter into an infinite loop that reads past the end of an internal heap-allocated buffer. The images that trigger this vulnerability are valid per the PNG specification.", "issued": "2026-02-10T17:04:38Z", "links": "https://access.redhat.com/security/cve/CVE-2026-25646 https://bugzilla.redhat.com/show_bug.cgi?id=2438542 https://www.cve.org/CVERecord?id=CVE-2026-25646 https://nvd.nist.gov/vuln/detail/CVE-2026-25646 http://www.openwall.com/lists/oss-security/2026/02/09/7 https://github.com/pnggroup/libpng/commit/01d03b8453eb30ade759cd45c707e5a1c7277d88 https://github.com/pnggroup/libpng/security/advisories/GHSA-g8hp-mq4h-rqm3 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-25646.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H", "normalized_severity": "High", "package": { "id": "", "name": "java-17-openjdk", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "IItHEdPWz5fl9O7ZhzjDAA==": { "id": "IItHEdPWz5fl9O7ZhzjDAA==", "updater": "rhel-vex", "name": "CVE-2026-0672", "description": "An injection flaw has been discovered in Python. When using http.cookies.Morsel, user-controlled cookie values and parameters can allow injecting HTTP headers into messages. Patch rejects all control characters within cookie names, values, and parameters.", "issued": "2026-01-20T21:52:33Z", "links": "https://access.redhat.com/security/cve/CVE-2026-0672 https://bugzilla.redhat.com/show_bug.cgi?id=2431374 https://www.cve.org/CVERecord?id=CVE-2026-0672 https://nvd.nist.gov/vuln/detail/CVE-2026-0672 https://github.com/python/cpython/issues/143919 https://github.com/python/cpython/pull/143920 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-0672.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python3", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "J5qRb3W5uqqCGngAp6UZrg==": { "id": "J5qRb3W5uqqCGngAp6UZrg==", "updater": "rhel-vex", "name": "CVE-2026-5450", "description": "A flaw was found in glibc (GNU C Library). This vulnerability occurs when an application uses the `scanf` family of functions with a `%mc` format specifier, which is used for dynamically allocating memory for character input, and provides an explicit width greater than 1024. This specific combination can lead to a one-byte heap buffer overflow, potentially allowing an attacker to corrupt memory.", "issued": "2026-04-20T20:55:41Z", "links": "https://access.redhat.com/security/cve/CVE-2026-5450 https://bugzilla.redhat.com/show_bug.cgi?id=2459853 https://www.cve.org/CVERecord?id=CVE-2026-5450 https://nvd.nist.gov/vuln/detail/CVE-2026-5450 https://inbox.sourceware.org/libc-announce/b11f0003-6ec1-4bd6-b9de-9e38a4efeca3@redhat.com/T/#u https://nvd.nist.gov/vuln/detail/CVE-2026-5450#range-21286997 https://sourceware.org/bugzilla/show_bug.cgi?id=CVE-2026-5450 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-5450.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "K3eafQ/8P8PEZ3BPWZfCgg==": { "id": "K3eafQ/8P8PEZ3BPWZfCgg==", "updater": "rhel-vex", "name": "CVE-2026-27447", "description": "A flaw was found in OpenPrinting CUPS. This authorization bypass vulnerability allows an unprivileged user to gain unauthorized access to restricted operations. This can be exploited by using a username that differs only in case from an authorized user during authorization checks.", "issued": "2026-04-03T21:11:59Z", "links": "https://access.redhat.com/security/cve/CVE-2026-27447 https://bugzilla.redhat.com/show_bug.cgi?id=2454949 https://www.cve.org/CVERecord?id=CVE-2026-27447 https://nvd.nist.gov/vuln/detail/CVE-2026-27447 https://github.com/OpenPrinting/cups/commit/88516bf6d9e34cef7a64a704b856b837f70cd220 https://github.com/OpenPrinting/cups/security/advisories/GHSA-v987-m8hp-phj9 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-27447.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "cups", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "KCgCqCavM9U0xL+GHJqzSg==": { "id": "KCgCqCavM9U0xL+GHJqzSg==", "updater": "rhel-vex", "name": "CVE-2026-0964", "description": "A malicious SCP server can send unexpected paths that could make the\nclient application override local files outside of working directory.\nThis could be misused to create malicious executable or configuration\nfiles and make the user execute them under specific consequences.\n\nThis is the same issue as in OpenSSH, tracked as CVE-2019-6111.", "issued": "2026-02-10T18:44:42Z", "links": "https://access.redhat.com/security/cve/CVE-2026-0964 https://bugzilla.redhat.com/show_bug.cgi?id=2436979 https://www.cve.org/CVERecord?id=CVE-2026-0964 https://nvd.nist.gov/vuln/detail/CVE-2026-0964 https://www.libssh.org/2026/02/10/libssh-0-12-0-and-0-11-4-security-releases/ https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-0964.json", "severity": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "libssh", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "KExChYIaW0MvXNLWbjS/Hw==": { "id": "KExChYIaW0MvXNLWbjS/Hw==", "updater": "rhel-vex", "name": "CVE-2026-41080", "description": "A flaw was found in libexpat. A remote attacker could exploit this vulnerability by providing a specially crafted XML document that leverages insufficient entropy in the hash function. This can lead to hash flooding, a type of Denial of Service (DoS) attack, where the system becomes unresponsive or crashes due to excessive resource consumption.", "issued": "2026-04-16T16:52:01Z", "links": "https://access.redhat.com/security/cve/CVE-2026-41080 https://bugzilla.redhat.com/show_bug.cgi?id=2458967 https://www.cve.org/CVERecord?id=CVE-2026-41080 https://nvd.nist.gov/vuln/detail/CVE-2026-41080 https://github.com/libexpat/libexpat/issues/47 https://github.com/libexpat/libexpat/pull/1183 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-41080.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "expat", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "KaROgE0QmtiOixMG9Wi1RA==": { "id": "KaROgE0QmtiOixMG9Wi1RA==", "updater": "rhel-vex", "name": "CVE-2023-32636", "description": "A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499.", "issued": "2022-12-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-32636 https://bugzilla.redhat.com/show_bug.cgi?id=2211833 https://www.cve.org/CVERecord?id=CVE-2023-32636 https://nvd.nist.gov/vuln/detail/CVE-2023-32636 https://discourse.gnome.org/t/multiple-fixes-for-gvariant-normalisation-issues-in-glib/12835 https://gitlab.gnome.org/GNOME/glib/-/issues/2841 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-32636.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "glib2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "L3k0cIIlkMGQFiWnZm8Mlg==": { "id": "L3k0cIIlkMGQFiWnZm8Mlg==", "updater": "rhel-vex", "name": "CVE-2025-12781", "description": "A flaw was found in the base64 module in the Python standard library. The b64decode, standard_b64decode and urlsafe_b64decode functions will always accept the '+' and '/' characters even when an alternative base64 alphabet is specified via the altchars parameter that excludes them. This input validation bypass allows malformed or unexpected data to pass through decoding filters, potentially causing logical errors or data integrity issues in applications relying on strict character sets.", "issued": "2026-01-21T19:34:47Z", "links": "https://access.redhat.com/security/cve/CVE-2025-12781 https://bugzilla.redhat.com/show_bug.cgi?id=2431736 https://www.cve.org/CVERecord?id=CVE-2025-12781 https://nvd.nist.gov/vuln/detail/CVE-2025-12781 https://github.com/python/cpython/issues/125346 https://github.com/python/cpython/pull/141128 https://mail.python.org/archives/list/security-announce@python.org/thread/KRI7GC6S27YV5NJ4FPDALS2WI5ENAFJ6/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-12781.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python3", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "L7QbkTbsy8v3tMfOqNsVKQ==": { "id": "L7QbkTbsy8v3tMfOqNsVKQ==", "updater": "rhel-vex", "name": "CVE-2024-7531", "description": "The Mozilla Foundation Security Advisory describes this flaw as:\n\nCalling PK11_Encrypt() in NSS using CKM_CHACHA20 and the same buffer for input and output can result in plaintext on Intel Sandy Bridge and later processors. In Firefox this only affects the QUIC header protection feature when the connection is using the ChaCha20-Poly1305 cipher suite. The most likely outcome is connection failure, but if the connection persists despite the high packet loss it could be possible for a network observer to identify packets as coming from the same source despite a network path change.", "issued": "2024-08-06T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-7531 https://bugzilla.redhat.com/show_bug.cgi?id=2303148 https://www.cve.org/CVERecord?id=CVE-2024-7531 https://nvd.nist.gov/vuln/detail/CVE-2024-7531 https://www.mozilla.org/en-US/security/advisories/mfsa2024-34/#CVE-2024-7531 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7531.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "nss", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "LTmcTrhW8bJGvJXJVPjm/g==": { "id": "LTmcTrhW8bJGvJXJVPjm/g==", "updater": "rhel-vex", "name": "CVE-2026-24515", "description": "A null pointer dereference flaw has been discovered in libexpat. The function `XML_ExternalEntityParserCreate` failed to copy the encoding handler data passed to XML_SetUnknownEncodingHandler from the parent to the new subparser. This can cause a NULL dereference from external entities that declare use of an unknown encoding. The expected impact is denial of service. It takes use of both functions `XML_ExternalEntityParserCreate` and `XML_SetUnknownEncodingHandler` for an application to be vulnerable.", "issued": "2026-01-23T07:46:36Z", "links": "https://access.redhat.com/security/cve/CVE-2026-24515 https://bugzilla.redhat.com/show_bug.cgi?id=2432312 https://www.cve.org/CVERecord?id=CVE-2026-24515 https://nvd.nist.gov/vuln/detail/CVE-2026-24515 https://github.com/libexpat/libexpat/pull/1131 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-24515.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "expat", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "LWLSX4FCLbzYWK97i5Or+A==": { "id": "LWLSX4FCLbzYWK97i5Or+A==", "updater": "rhel-vex", "name": "CVE-2026-28389", "description": "A flaw was found in OpenSSL. A remote attacker could exploit this by sending a specially crafted Cryptographic Message Syntax (CMS) EnvelopedData message with KeyAgreeRecipientInfo. This vulnerability arises because the software attempts to process an optional field without verifying its existence, leading to a NULL pointer dereference. This can result in a Denial of Service (DoS) for applications that handle untrusted CMS data.", "issued": "2026-04-07T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-28389 https://bugzilla.redhat.com/show_bug.cgi?id=2451096 https://www.cve.org/CVERecord?id=CVE-2026-28389 https://nvd.nist.gov/vuln/detail/CVE-2026-28389 https://openssl-library.org/news/secadv/20260407.txt https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-28389.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "Lt2Hg7sVYgz0GD7ldFmjjA==": { "id": "Lt2Hg7sVYgz0GD7ldFmjjA==", "updater": "rhel-vex", "name": "CVE-2026-32777", "description": "A flaw was found in libexpat. A remote attacker could exploit this vulnerability by providing specially crafted Document Type Definition (DTD) content. This could lead to an infinite loop during parsing, resulting in a Denial of Service (DoS) for the application using libexpat.", "issued": "2026-03-16T06:58:06Z", "links": "https://access.redhat.com/security/cve/CVE-2026-32777 https://bugzilla.redhat.com/show_bug.cgi?id=2447890 https://www.cve.org/CVERecord?id=CVE-2026-32777 https://nvd.nist.gov/vuln/detail/CVE-2026-32777 https://github.com/libexpat/libexpat/issues/1161 https://github.com/libexpat/libexpat/pull/1159 https://github.com/libexpat/libexpat/pull/1162 https://issues.oss-fuzz.com/issues/486993411 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-32777.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "expat", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "MRnBR1NwPejsF0F/Po53Ew==": { "id": "MRnBR1NwPejsF0F/Po53Ew==", "updater": "rhel-vex", "name": "CVE-2019-8905", "description": "do_core_note in readelf.c in libmagic.a in file 5.35 has a stack-based buffer over-read, related to file_printable, a different vulnerability than CVE-2018-10360.", "issued": "2019-02-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2019-8905 https://bugzilla.redhat.com/show_bug.cgi?id=1679181 https://www.cve.org/CVERecord?id=CVE-2019-8905 https://nvd.nist.gov/vuln/detail/CVE-2019-8905 https://security.access.redhat.com/data/csaf/v2/vex/2019/cve-2019-8905.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "file", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "MW3KGjkk7BWuR5JCc6cywg==": { "id": "MW3KGjkk7BWuR5JCc6cywg==", "updater": "rhel-vex", "name": "CVE-2024-52616", "description": "A flaw was found in the Avahi-daemon, where it initializes DNS transaction IDs randomly only once at startup, incrementing them sequentially after that. This predictable behavior facilitates DNS spoofing attacks, allowing attackers to guess transaction IDs.", "issued": "2024-11-15T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-52616 https://bugzilla.redhat.com/show_bug.cgi?id=2326429 https://www.cve.org/CVERecord?id=CVE-2024-52616 https://nvd.nist.gov/vuln/detail/CVE-2024-52616 https://github.com/avahi/avahi/pull/577 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-52616.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "avahi", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "O6eQrDqYe8zCvECWFMIzFQ==": { "id": "O6eQrDqYe8zCvECWFMIzFQ==", "updater": "rhel-vex", "name": "CVE-2019-8906", "description": "do_core_note in readelf.c in libmagic.a in file 5.35 has an out-of-bounds read because memcpy is misused.", "issued": "2019-01-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2019-8906 https://bugzilla.redhat.com/show_bug.cgi?id=1679175 https://www.cve.org/CVERecord?id=CVE-2019-8906 https://nvd.nist.gov/vuln/detail/CVE-2019-8906 https://security.access.redhat.com/data/csaf/v2/vex/2019/cve-2019-8906.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "file", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "O8fIVXqcGshIonMWsEH9gA==": { "id": "O8fIVXqcGshIonMWsEH9gA==", "updater": "rhel-vex", "name": "CVE-2025-5916", "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", "issued": "2025-05-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-5916 https://bugzilla.redhat.com/show_bug.cgi?id=2370872 https://www.cve.org/CVERecord?id=CVE-2025-5916 https://nvd.nist.gov/vuln/detail/CVE-2025-5916 https://github.com/libarchive/libarchive/pull/2568 https://github.com/libarchive/libarchive/releases/tag/v3.8.0 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-5916.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libarchive", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "OFdQC3/0S5rItoyqpACTFw==": { "id": "OFdQC3/0S5rItoyqpACTFw==", "updater": "rhel-vex", "name": "CVE-2026-4224", "description": "A stack overflow flaw has been discovered in the python pyexpat module. When an Expat parser with a registered ElementDeclHandler parses an inline document type definition containing a deeply nested content model a C stack overflow occurs. This will result in a program crash.", "issued": "2026-03-16T17:52:26Z", "links": "https://access.redhat.com/security/cve/CVE-2026-4224 https://bugzilla.redhat.com/show_bug.cgi?id=2448181 https://www.cve.org/CVERecord?id=CVE-2026-4224 https://nvd.nist.gov/vuln/detail/CVE-2026-4224 https://github.com/python/cpython/commit/196edfb06a7458377d4d0f4b3cd41724c1f3bd4a https://github.com/python/cpython/commit/e0a8a6da90597a924b300debe045cdb4628ee1f3 https://github.com/python/cpython/commit/eb0e8be3a7e11b87d198a2c3af1ed0eccf532768 https://github.com/python/cpython/issues/145986 https://github.com/python/cpython/pull/145987 https://mail.python.org/archives/list/security-announce@python.org/thread/5M7CGUW3XBRY7II4DK43KF7NQQ3TPZ6R/ https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-4224.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "python3", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "OGfYu06hscS+jx5HR8e1UQ==": { "id": "OGfYu06hscS+jx5HR8e1UQ==", "updater": "rhel-vex", "name": "CVE-2026-33845", "description": "A flaw in GnuTLS DTLS handshake parsing allows malformed fragments with zero length and non-zero offset, leading to an integer underflow during reassembly and resulting in an out-of-bounds read. This issue is remotely exploitable and may cause information disclosure or denial of service.", "issued": "2026-04-30T17:28:41Z", "links": "https://access.redhat.com/security/cve/CVE-2026-33845 https://bugzilla.redhat.com/show_bug.cgi?id=2450624 https://www.cve.org/CVERecord?id=CVE-2026-33845 https://nvd.nist.gov/vuln/detail/CVE-2026-33845 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-33845.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "gnutls", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "OLKvdPVgT9/lPcflJTxE3Q==": { "id": "OLKvdPVgT9/lPcflJTxE3Q==", "updater": "rhel-vex", "name": "CVE-2025-68160", "description": "A flaw was found in OpenSSL. This vulnerability involves an out-of-bounds write in the line-buffering BIO filter, which can lead to memory corruption. While exploitation is unlikely to be under direct attacker control, a successful attack could cause an application to crash, resulting in a Denial of Service (DoS).", "issued": "2026-01-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-68160 https://bugzilla.redhat.com/show_bug.cgi?id=2430380 https://www.cve.org/CVERecord?id=CVE-2025-68160 https://nvd.nist.gov/vuln/detail/CVE-2025-68160 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-68160.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "OPNDKUsVLJt2v1gO1zvkBA==": { "id": "OPNDKUsVLJt2v1gO1zvkBA==", "updater": "rhel-vex", "name": "CVE-2025-1632", "description": "A flaw was found in the bsdunzip utility of libarchive. In affected versions, a specially crafted file may trigger a null pointer dereference. This issue can lead to an application crash or other unexpected behavior. This bug does not compromise the integrity or availability of the base system.", "issued": "2025-02-24T13:31:08Z", "links": "https://access.redhat.com/security/cve/CVE-2025-1632 https://bugzilla.redhat.com/show_bug.cgi?id=2347309 https://www.cve.org/CVERecord?id=CVE-2025-1632 https://nvd.nist.gov/vuln/detail/CVE-2025-1632 https://github.com/Ekkosun/pocs/blob/main/bsdunzip-poc https://vuldb.com/?ctiid.296619 https://vuldb.com/?id.296619 https://vuldb.com/?submit.496460 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-1632.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libarchive", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "OTZM0RD60ajdSeEqWGkkTw==": { "id": "OTZM0RD60ajdSeEqWGkkTw==", "updater": "rhel-vex", "name": "CVE-2026-26740", "description": "A flaw was found in giflib. A remote attacker can exploit a buffer overflow vulnerability in the EGifGCBToExtension function by providing a specially crafted Graphics Control Extension (GCE) block. This allows overwriting an existing GCE block without proper size validation, leading to a denial of service (DoS) on the system.", "issued": "2026-03-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-26740 https://bugzilla.redhat.com/show_bug.cgi?id=2448747 https://www.cve.org/CVERecord?id=CVE-2026-26740 https://nvd.nist.gov/vuln/detail/CVE-2026-26740 https://github.com/zakkanijia/POC/blob/main/giflib/giftool/giflib_giftool_gce_len_heap_oobwrite_disclosure.md https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-26740.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "java-17-openjdk", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "OgFGrvrnAoXXvapnatTrxQ==": { "id": "OgFGrvrnAoXXvapnatTrxQ==", "updater": "rhel-vex", "name": "CVE-2026-0965", "description": "A flaw was found in libssh where it can attempt to open arbitrary files during configuration parsing. A local attacker can exploit this by providing a malicious configuration file or when the system is misconfigured. This vulnerability could lead to a Denial of Service (DoS) by causing the system to try and access dangerous files, such as block devices or large system files, which can disrupt normal operations.", "issued": "2026-02-10T18:47:22Z", "links": "https://access.redhat.com/security/cve/CVE-2026-0965 https://bugzilla.redhat.com/show_bug.cgi?id=2436980 https://www.cve.org/CVERecord?id=CVE-2026-0965 https://nvd.nist.gov/vuln/detail/CVE-2026-0965 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-0965.json", "severity": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libssh", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "Oi3Y6I7JDcoQrQyH+jMXWw==": { "id": "Oi3Y6I7JDcoQrQyH+jMXWw==", "updater": "rhel-vex", "name": "CVE-2025-14087", "description": "A flaw was found in GLib (Gnome Lib). This vulnerability allows a remote attacker to cause heap corruption, leading to a denial of service or potential code execution via a buffer-underflow in the GVariant parser when processing maliciously crafted input strings.", "issued": "2025-12-05T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-14087 https://bugzilla.redhat.com/show_bug.cgi?id=2419093 https://www.cve.org/CVERecord?id=CVE-2025-14087 https://nvd.nist.gov/vuln/detail/CVE-2025-14087 https://gitlab.gnome.org/GNOME/glib/-/issues/3834 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-14087.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "glib2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "OpUahpCA4oBceG962KxTMA==": { "id": "OpUahpCA4oBceG962KxTMA==", "updater": "rhel-vex", "name": "CVE-2026-22796", "description": "A flaw was found in OpenSSL. This type confusion vulnerability allows a remote attacker to cause a denial of service (DoS) by providing specially crafted PKCS#7 data to an application that performs signature verification. The vulnerability occurs because the application accesses an ASN1_TYPE union member without proper type validation, leading to an invalid or NULL pointer dereference and a crash.", "issued": "2026-01-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-22796 https://bugzilla.redhat.com/show_bug.cgi?id=2430390 https://www.cve.org/CVERecord?id=CVE-2026-22796 https://nvd.nist.gov/vuln/detail/CVE-2026-22796 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-22796.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "PcNbuWOo0ahqjfbOQhXvvQ==": { "id": "PcNbuWOo0ahqjfbOQhXvvQ==", "updater": "rhel-vex", "name": "CVE-2024-41996", "description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", "issued": "2024-08-26T06:15:04Z", "links": "https://access.redhat.com/security/cve/CVE-2024-41996 https://bugzilla.redhat.com/show_bug.cgi?id=2307826 https://www.cve.org/CVERecord?id=CVE-2024-41996 https://nvd.nist.gov/vuln/detail/CVE-2024-41996 https://dheatattack.gitlab.io/details/ https://dheatattack.gitlab.io/faq/ https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1 https://github.com/openssl/openssl/issues/17374 https://openssl-library.org/post/2022-10-21-tls-groups-configuration/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-41996.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "Pe4IHqZpuBtuSkrgd2HMEg==": { "id": "Pe4IHqZpuBtuSkrgd2HMEg==", "updater": "rhel-vex", "name": "CVE-2025-13034", "description": "A flaw was found in curl. When configured to use public key pinning with QUIC connections and GnuTLS, and with standard certificate verification explicitly disabled, curl could bypass the intended public key check. This oversight allows a malicious server to impersonate a legitimate one, potentially leading to unauthorized access or information disclosure due to a failure in verifying the server's identity.", "issued": "2026-01-07T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-13034 https://bugzilla.redhat.com/show_bug.cgi?id=2426406 https://www.cve.org/CVERecord?id=CVE-2025-13034 https://nvd.nist.gov/vuln/detail/CVE-2025-13034 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-13034.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "curl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "Q5xJp4zJ1MCYcYbDi9qrdQ==": { "id": "Q5xJp4zJ1MCYcYbDi9qrdQ==", "updater": "rhel-vex", "name": "CVE-2026-25068", "description": "alsa-lib versions 1.2.2 up to and including 1.2.15.2, prior to commit 5f7fe33, contain a heap-based buffer overflow in the topology mixer control decoder. The tplg_decode_control_mixer1() function reads the num_channels field from untrusted .tplg data and uses it as a loop bound without validating it against the fixed-size channel array (SND_TPLG_MAX_CHAN). A crafted topology file with an excessive num_channels value can cause out-of-bounds heap writes, leading to a crash.", "issued": "2026-01-29T19:08:03Z", "links": "https://access.redhat.com/security/cve/CVE-2026-25068 https://bugzilla.redhat.com/show_bug.cgi?id=2435372 https://www.cve.org/CVERecord?id=CVE-2026-25068 https://nvd.nist.gov/vuln/detail/CVE-2026-25068 https://github.com/alsa-project/alsa-lib/commit/5f7fe33002d2d98d84f72e381ec2cccc0d5d3d40 https://www.vulncheck.com/advisories/alsa-lib-topology-decoder-heap-based-buffer-overflow https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-25068.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "alsa-lib", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "QSNBg/XspHcBwSxBTMU4rg==": { "id": "QSNBg/XspHcBwSxBTMU4rg==", "updater": "rhel-vex", "name": "CVE-2025-50181", "description": "A flaw was found in urllib3. The `PoolManager` class allows redirects to be disabled by configuring retries in a specific manner, effectively bypassing intended HTTP redirection behavior. A network attacker can leverage this configuration to manipulate request flows and disrupt service. This bypass occurs through improper handling of retry parameters during PoolManager instantiation. This issue can reult in a denial of service or unintended data exposure due to altered request destinations.", "issued": "2025-06-19T01:08:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-50181 https://bugzilla.redhat.com/show_bug.cgi?id=2373799 https://www.cve.org/CVERecord?id=CVE-2025-50181 https://nvd.nist.gov/vuln/detail/CVE-2025-50181 https://github.com/urllib3/urllib3/commit/f05b1329126d5be6de501f9d1e3e36738bc08857 https://github.com/urllib3/urllib3/security/advisories/GHSA-pq67-6m6q-mj2v https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-50181.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python-pip", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "QUtTYJuHdkAOgtveagWUfA==": { "id": "QUtTYJuHdkAOgtveagWUfA==", "updater": "rhel-vex", "name": "CVE-2023-0466", "description": "A flaw was found in OpenSSL. The X509_VERIFY_PARAM_add0_policy() function is documented to enable the certificate policy check when doing certificate verification implicitly. However, implementing the function does not enable the check, allowing certificates with invalid or incorrect policies to pass the certificate verification. Suddenly enabling the policy check could break existing deployments, so it was decided to keep the existing behavior of the X509_VERIFY_PARAM_add0_policy() function. The applications that require OpenSSL to perform certificate policy check need to use X509_VERIFY_PARAM_set1_policies() or explicitly enable the policy check by calling X509_VERIFY_PARAM_set_flags() with the X509_V_FLAG_POLICY_CHECK flag argument. Certificate policy checks are disabled by default in OpenSSL and are not commonly used by applications.", "issued": "2023-03-28T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-0466 https://bugzilla.redhat.com/show_bug.cgi?id=2182565 https://www.cve.org/CVERecord?id=CVE-2023-0466 https://nvd.nist.gov/vuln/detail/CVE-2023-0466 https://www.openssl.org/news/secadv/20230328.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0466.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "QcOTYeOedG0AUhPSakMpIA==": { "id": "QcOTYeOedG0AUhPSakMpIA==", "updater": "rhel-vex", "name": "CVE-2024-4741", "description": "A use-after-free vulnerability was found in OpenSSL. Calling the OpenSSL API SSL_free_buffers function may cause memory to be accessed that was previously freed in some situations.", "issued": "2024-05-28T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-4741 https://bugzilla.redhat.com/show_bug.cgi?id=2283757 https://www.cve.org/CVERecord?id=CVE-2024-4741 https://nvd.nist.gov/vuln/detail/CVE-2024-4741 https://www.openssl.org/news/secadv/20240528.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4741.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "QwBnC+2unbl7BaURui6Tng==": { "id": "QwBnC+2unbl7BaURui6Tng==", "updater": "rhel-vex", "name": "CVE-2026-3832", "description": "A flaw was found in gnutls. A remote attacker could exploit this vulnerability by presenting a specially crafted Online Certificate Status Protocol (OCSP) response during a TLS handshake. Due to a logic error in how gnutls processes multi-record OCSP responses, a client with OCSP verification enabled may incorrectly accept a revoked server certificate, potentially leading to a compromise of trust.", "issued": "2026-04-30T17:29:25Z", "links": "https://access.redhat.com/security/cve/CVE-2026-3832 https://bugzilla.redhat.com/show_bug.cgi?id=2445762 https://www.cve.org/CVERecord?id=CVE-2026-3832 https://nvd.nist.gov/vuln/detail/CVE-2026-3832 https://gitlab.com/gnutls/gnutls/-/issues/1801 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-3832.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "gnutls", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "RVCidRUm4D1IKoPhoUi2AA==": { "id": "RVCidRUm4D1IKoPhoUi2AA==", "updater": "rhel-vex", "name": "CVE-2019-9674", "description": "A ZIP bomb attack was found in the Python zipfile module. A remote attacker could abuse this flaw by providing a specially crafted ZIP file that, when decompressed by zipfile, would exhaust system resources resulting in a denial of service.", "issued": "2019-03-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2019-9674 https://bugzilla.redhat.com/show_bug.cgi?id=1800749 https://www.cve.org/CVERecord?id=CVE-2019-9674 https://nvd.nist.gov/vuln/detail/CVE-2019-9674 https://security.access.redhat.com/data/csaf/v2/vex/2019/cve-2019-9674.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "python3", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "RXjd5U95osIGXnqCa34Jkg==": { "id": "RXjd5U95osIGXnqCa34Jkg==", "updater": "rhel-vex", "name": "CVE-2026-0989", "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested \u003cinclude\u003e directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", "issued": "2026-01-15T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-0989 https://bugzilla.redhat.com/show_bug.cgi?id=2429933 https://www.cve.org/CVERecord?id=CVE-2026-0989 https://nvd.nist.gov/vuln/detail/CVE-2026-0989 https://gitlab.gnome.org/GNOME/libxml2/-/issues/998 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-0989.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libxml2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "RYqFgDYIttLgJc8B82sK/w==": { "id": "RYqFgDYIttLgJc8B82sK/w==", "updater": "rhel-vex", "name": "CVE-2025-66382", "description": "A flaw was found in libexpat. This vulnerability allows a denial of service (DoS) by processing a crafted file with an approximate size of 2 MiB, leading to dozens of seconds of processing time.", "issued": "2025-11-28T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-66382 https://bugzilla.redhat.com/show_bug.cgi?id=2417661 https://www.cve.org/CVERecord?id=CVE-2025-66382 https://nvd.nist.gov/vuln/detail/CVE-2025-66382 https://github.com/libexpat/libexpat/issues/1076 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-66382.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "expat", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "RdjNn4dAdZKcn6VS95a/SQ==": { "id": "RdjNn4dAdZKcn6VS95a/SQ==", "updater": "rhel-vex", "name": "CVE-2026-39314", "description": "A flaw was found in CUPS, an open-source printing system. An unprivileged local user can exploit an integer underflow vulnerability by providing a negative job-password-supported Internet Printing Protocol (IPP) attribute. This manipulation causes the cupsd root process to crash, which can be repeatedly triggered to achieve a sustained Denial of Service (DoS) on the system.", "issued": "2026-04-07T16:59:23Z", "links": "https://access.redhat.com/security/cve/CVE-2026-39314 https://bugzilla.redhat.com/show_bug.cgi?id=2456107 https://www.cve.org/CVERecord?id=CVE-2026-39314 https://nvd.nist.gov/vuln/detail/CVE-2026-39314 https://github.com/OpenPrinting/cups/security/advisories/GHSA-pp8w-2g52-7vj7 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-39314.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "cups", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "Rfm1tD+QxSP/TVjKFDNabg==": { "id": "Rfm1tD+QxSP/TVjKFDNabg==", "updater": "rhel-vex", "name": "CVE-2026-0967", "description": "A flaw was found in libssh. A remote attacker, by controlling client configuration files or known_hosts files, could craft specific hostnames that when processed by the `match_pattern()` function can lead to inefficient regular expression backtracking. This can cause timeouts and resource exhaustion, resulting in a Denial of Service (DoS) for the client.", "issued": "2026-02-10T18:47:09Z", "links": "https://access.redhat.com/security/cve/CVE-2026-0967 https://bugzilla.redhat.com/show_bug.cgi?id=2436981 https://www.cve.org/CVERecord?id=CVE-2026-0967 https://nvd.nist.gov/vuln/detail/CVE-2026-0967 https://www.libssh.org/2026/02/10/libssh-0-12-0-and-0-11-4-security-releases/ https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-0967.json", "severity": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libssh", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "Rw8DyDlyRHRJOeZaAbGMRA==": { "id": "Rw8DyDlyRHRJOeZaAbGMRA==", "updater": "rhel-vex", "name": "CVE-2025-59529", "description": "A flaw was found in avahi. The simple protocol server ignores the documented client limit and accepts unlimited connections, allowing for easy local Denial of Service.", "issued": "2025-12-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-59529 https://bugzilla.redhat.com/show_bug.cgi?id=2405338 https://www.cve.org/CVERecord?id=CVE-2025-59529 https://nvd.nist.gov/vuln/detail/CVE-2025-59529 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-59529.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "avahi", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "S7qx7a03HASsJhyQafvXjg==": { "id": "S7qx7a03HASsJhyQafvXjg==", "updater": "rhel-vex", "name": "CVE-2018-19211", "description": "In ncurses 6.1, there is a NULL pointer dereference at function _nc_parse_entry in parse_entry.c that will lead to a denial of service attack. The product proceeds to the dereference code path even after a \"dubious character `*' in name or alias field\" detection.", "issued": "2018-10-28T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2018-19211 https://bugzilla.redhat.com/show_bug.cgi?id=1652600 https://www.cve.org/CVERecord?id=CVE-2018-19211 https://nvd.nist.gov/vuln/detail/CVE-2018-19211 https://security.access.redhat.com/data/csaf/v2/vex/2018/cve-2018-19211.json", "severity": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "ncurses", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "SHxE0qXbBmDEp/LL1ieJeA==": { "id": "SHxE0qXbBmDEp/LL1ieJeA==", "updater": "rhel-vex", "name": "CVE-2020-19189", "description": "A flaw has been identified in the ncurses library. This issue occurs when processing a crafted terminfo database, causing a heap-based buffer overflow, resulting in an application crash.", "issued": "2019-05-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2020-19189 https://bugzilla.redhat.com/show_bug.cgi?id=2234926 https://www.cve.org/CVERecord?id=CVE-2020-19189 https://nvd.nist.gov/vuln/detail/CVE-2020-19189 https://security.access.redhat.com/data/csaf/v2/vex/2020/cve-2020-19189.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "ncurses", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "TLOrmSYL76Du+GI4WD9gMQ==": { "id": "TLOrmSYL76Du+GI4WD9gMQ==", "updater": "rhel-vex", "name": "CVE-2024-34459", "description": "A flaw was found in the xmllint program distributed by the libxml2 package. A buffer over-read in the xmlHTMLPrintFileContext function in the xmllint.c file may be triggered when a crafted file is processed with the xmllint program using the `--htmlout` command line option, causing an application crash and resulting in a denial of service.", "issued": "2024-05-08T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-34459 https://bugzilla.redhat.com/show_bug.cgi?id=2280532 https://www.cve.org/CVERecord?id=CVE-2024-34459 https://nvd.nist.gov/vuln/detail/CVE-2024-34459 https://gitlab.gnome.org/GNOME/libxml2/-/issues/720 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-34459.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "libxml2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "Te9j1HGn7feNCE/Fduu0+A==": { "id": "Te9j1HGn7feNCE/Fduu0+A==", "updater": "rhel-vex", "name": "CVE-2025-64505", "description": "A heap buffer over-read vulnerability exists in libpng's png_do_quantize function when processing PNG files with malformed palette indices. The vulnerability occurs when palette_lookup array bounds are not validated against externally-supplied image data, allowing an attacker to craft a PNG file with out-of-range palette indices that trigger out-of-bounds memory access.", "issued": "2025-11-24T23:38:40Z", "links": "https://access.redhat.com/security/cve/CVE-2025-64505 https://bugzilla.redhat.com/show_bug.cgi?id=2416905 https://www.cve.org/CVERecord?id=CVE-2025-64505 https://nvd.nist.gov/vuln/detail/CVE-2025-64505 https://github.com/pnggroup/libpng/commit/6a528eb5fd0dd7f6de1c39d30de0e41473431c37 https://github.com/pnggroup/libpng/pull/748 https://github.com/pnggroup/libpng/security/advisories/GHSA-4952-h5wq-4m42 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-64505.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "java-17-openjdk", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "TuBnhFrkwMqIcYtYYgNGNQ==": { "id": "TuBnhFrkwMqIcYtYYgNGNQ==", "updater": "rhel-vex", "name": "CVE-2026-3784", "description": "A flaw was found in curl. This vulnerability allows curl to wrongly reuse an existing HTTP proxy connection when performing a CONNECT request to a server, even if the new request uses different authentication credentials for the HTTP proxy. This improper connection reuse could lead to an attacker gaining unauthorized access to resources or information intended for a different user.", "issued": "2026-03-11T10:09:21Z", "links": "https://access.redhat.com/security/cve/CVE-2026-3784 https://bugzilla.redhat.com/show_bug.cgi?id=2446449 https://www.cve.org/CVERecord?id=CVE-2026-3784 https://nvd.nist.gov/vuln/detail/CVE-2026-3784 http://www.openwall.com/lists/oss-security/2026/03/11/3 https://curl.se/docs/CVE-2026-3784.html https://curl.se/docs/CVE-2026-3784.json https://hackerone.com/reports/3584903 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-3784.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "curl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "UMD4nV1Ky5C5eKUMgtnKzw==": { "id": "UMD4nV1Ky5C5eKUMgtnKzw==", "updater": "rhel-vex", "name": "CVE-2021-20193", "description": "A flaw was found in the src/list.c of tar. This flaw allows an attacker who can submit a crafted input file to tar to cause uncontrolled consumption of memory. The highest threat from this vulnerability is to system availability.", "issued": "2021-01-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-20193 https://bugzilla.redhat.com/show_bug.cgi?id=1917565 https://www.cve.org/CVERecord?id=CVE-2021-20193 https://nvd.nist.gov/vuln/detail/CVE-2021-20193 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-20193.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "tar", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "UPzTyNn8ZLXlb+bwRFPPTA==": { "id": "UPzTyNn8ZLXlb+bwRFPPTA==", "updater": "rhel-vex", "name": "CVE-2023-2650", "description": "A flaw was found in OpenSSL resulting in a possible denial of service while translating ASN.1 object identifiers. Applications that use OBJ_obj2txt() directly, or use any of the OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with no message size limit may experience long delays when processing messages, which may lead to a denial of service.", "issued": "2023-05-30T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-2650 https://bugzilla.redhat.com/show_bug.cgi?id=2207947 https://www.cve.org/CVERecord?id=CVE-2023-2650 https://nvd.nist.gov/vuln/detail/CVE-2023-2650 https://www.openssl.org/news/secadv/20230530.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-2650.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "UUIKm7f4jyfDWGKvptUQ8Q==": { "id": "UUIKm7f4jyfDWGKvptUQ8Q==", "updater": "rhel-vex", "name": "CVE-2025-8277", "description": "A flaw was found in libssh's handling of key exchange (KEX) processes when a client repeatedly sends incorrect KEX guesses. The library fails to free memory during these rekey operations, which can gradually exhaust system memory. This issue can lead to crashes on the client side, particularly when using libgcrypt, which impacts application stability and availability.", "issued": "2025-09-09T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-8277 https://bugzilla.redhat.com/show_bug.cgi?id=2383888 https://www.cve.org/CVERecord?id=CVE-2025-8277 https://nvd.nist.gov/vuln/detail/CVE-2025-8277 https://www.libssh.org/security/advisories/CVE-2025-8277.txt https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-8277.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libssh", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "UbmdE2pHXRFccv8l1e02Jw==": { "id": "UbmdE2pHXRFccv8l1e02Jw==", "updater": "rhel-vex", "name": "CVE-2023-4156", "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", "issued": "2023-06-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4156 https://bugzilla.redhat.com/show_bug.cgi?id=2215930 https://www.cve.org/CVERecord?id=CVE-2023-4156 https://nvd.nist.gov/vuln/detail/CVE-2023-4156 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4156.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "gawk", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "UoEFDYM+Gqf2mdRJh5HUFw==": { "id": "UoEFDYM+Gqf2mdRJh5HUFw==", "updater": "rhel-vex", "name": "CVE-2025-45582", "description": "A relative path traversal flaw was found in the gnu tar utility. When archives with relative paths are extracted without the ‘--keep-old-files’ (‘-k’), the extraction process may overwrite existing files that the current user has access to. The server may be impacted if these files are critical to the operation of some service.", "issued": "2025-07-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-45582 https://bugzilla.redhat.com/show_bug.cgi?id=2379592 https://www.cve.org/CVERecord?id=CVE-2025-45582 https://nvd.nist.gov/vuln/detail/CVE-2025-45582 https://github.com/i900008/vulndb/blob/main/Gnu_tar_vuln.md https://www.gnu.org/software/tar/ https://www.gnu.org/software/tar/manual/html_node/Integrity.html#Integrity https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-45582.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "tar", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "UyCjBcpeB0nhkRTVhUcAJQ==": { "id": "UyCjBcpeB0nhkRTVhUcAJQ==", "updater": "rhel-vex", "name": "CVE-2026-39316", "description": "A flaw was found in CUPS, an open-source printing system. This vulnerability, known as a use-after-free, occurs in the CUPS scheduler when temporary printers are automatically removed. The system fails to properly manage memory, leaving a pointer to a freed memory location. An attacker could exploit this to cause the CUPS daemon to crash, leading to a denial of service. In more severe scenarios, this could potentially allow an attacker to execute arbitrary code.", "issued": "2026-04-07T17:00:26Z", "links": "https://access.redhat.com/security/cve/CVE-2026-39316 https://bugzilla.redhat.com/show_bug.cgi?id=2456120 https://www.cve.org/CVERecord?id=CVE-2026-39316 https://nvd.nist.gov/vuln/detail/CVE-2026-39316 https://github.com/OpenPrinting/cups/security/advisories/GHSA-pjv5-prqp-46rg https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-39316.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "cups", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "VLzwKVDYC7fQrtcpCzjXjA==": { "id": "VLzwKVDYC7fQrtcpCzjXjA==", "updater": "rhel-vex", "name": "CVE-2025-69418", "description": "A flaw was found in OpenSSL. When applications directly call the low-level CRYPTO_ocb128_encrypt() or CRYPTO_ocb128_decrypt() functions with non-block-aligned lengths in a single call on hardware-accelerated builds, the trailing 1-15 bytes of a message may be exposed in cleartext. These exposed bytes are not covered by the authentication tag, allowing an attacker to read or tamper with them without detection.", "issued": "2026-01-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-69418 https://bugzilla.redhat.com/show_bug.cgi?id=2430381 https://www.cve.org/CVERecord?id=CVE-2025-69418 https://nvd.nist.gov/vuln/detail/CVE-2025-69418 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-69418.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "VP8+3bQwNwMNm6AhYTNJBQ==": { "id": "VP8+3bQwNwMNm6AhYTNJBQ==", "updater": "rhel-vex", "name": "CVE-2026-22020", "description": "No description is available for this CVE.", "issued": "2026-04-21T20:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-22020 https://bugzilla.redhat.com/show_bug.cgi?id=2460045 https://www.cve.org/CVERecord?id=CVE-2026-22020 https://nvd.nist.gov/vuln/detail/CVE-2026-22020 https://www.oracle.com/security-alerts/cpuapr2026.html#AppendixJAVA https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-22020.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "java-17-openjdk", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "VPoF+qCqaQ4y2sVl2255/g==": { "id": "VPoF+qCqaQ4y2sVl2255/g==", "updater": "rhel-vex", "name": "CVE-2026-33416", "description": "A flaw was found in libpng, a library used for processing PNG (Portable Network Graphics) image files. This vulnerability arises from improper memory management where a heap-allocated buffer is aliased between internal data structures. When specific functions are called, a freed memory region can still be referenced, leading to a use-after-free condition. An attacker could potentially exploit this to achieve arbitrary code execution or cause a denial of service.", "issued": "2026-03-26T16:48:54Z", "links": "https://access.redhat.com/security/cve/CVE-2026-33416 https://bugzilla.redhat.com/show_bug.cgi?id=2451805 https://www.cve.org/CVERecord?id=CVE-2026-33416 https://nvd.nist.gov/vuln/detail/CVE-2026-33416 https://github.com/pnggroup/libpng/commit/23019269764e35ed8458e517f1897bd3c54820eb https://github.com/pnggroup/libpng/commit/7ea9eea884a2328cc7fdcb3c0c00246a50d90667 https://github.com/pnggroup/libpng/commit/a3a21443ed12bfa1ef46fa0d4fb2b74a0fa34a25 https://github.com/pnggroup/libpng/commit/c1b0318b393c90679e6fa5bc1d329fd5d5012ec1 https://github.com/pnggroup/libpng/pull/824 https://github.com/pnggroup/libpng/security/advisories/GHSA-m4pc-p4q3-4c7j https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-33416.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "java-17-openjdk", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "VsocCwaFpF6PzdX5PxR+sQ==": { "id": "VsocCwaFpF6PzdX5PxR+sQ==", "updater": "rhel-vex", "name": "CVE-2020-19185", "description": "A flaw has been identified in the ncurses library. This issue occurs when processing a crafted terminfo database, causing a heap-based buffer overflow, resulting in an application crash, causing denial of service.", "issued": "2019-05-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2020-19185 https://bugzilla.redhat.com/show_bug.cgi?id=2234924 https://www.cve.org/CVERecord?id=CVE-2020-19185 https://nvd.nist.gov/vuln/detail/CVE-2020-19185 https://security.access.redhat.com/data/csaf/v2/vex/2020/cve-2020-19185.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "ncurses", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "W/DMqBRMDYVkVH3D67luGg==": { "id": "W/DMqBRMDYVkVH3D67luGg==", "updater": "rhel-vex", "name": "CVE-2025-64118", "description": "A flaw was found in node-tar, a Tar utility for Node.js. This vulnerability allows a local attacker to potentially disclose sensitive information. When the .t (or .list) function is used with { sync: true } to read tar entry contents, and the tar file is concurrently modified on disk to a smaller size, the function may return uninitialized memory contents. This could lead to the exposure of arbitrary data.", "issued": "2025-10-30T17:50:20Z", "links": "https://access.redhat.com/security/cve/CVE-2025-64118 https://bugzilla.redhat.com/show_bug.cgi?id=2407440 https://www.cve.org/CVERecord?id=CVE-2025-64118 https://nvd.nist.gov/vuln/detail/CVE-2025-64118 https://github.com/isaacs/node-tar/commit/5330eb04bc43014f216e5c271b40d5c00d45224d https://github.com/isaacs/node-tar/issues/445 https://github.com/isaacs/node-tar/pull/446 https://github.com/isaacs/node-tar/security/advisories/GHSA-29xp-372q-xqph https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-64118.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "tar", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "W/d4trZ7jb2yxjrq4cNOWA==": { "id": "W/d4trZ7jb2yxjrq4cNOWA==", "updater": "rhel-vex", "name": "CVE-2022-3219", "description": "A vulnerability was found in GnuPG. GnuPG can spin on a relatively small input by crafting a public key with thousands of signatures attached and compressed down to a few kilobytes. This issue can potentially cause a denial of service.", "issued": "2022-09-15T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-3219 https://bugzilla.redhat.com/show_bug.cgi?id=2127010 https://www.cve.org/CVERecord?id=CVE-2022-3219 https://nvd.nist.gov/vuln/detail/CVE-2022-3219 https://dev.gnupg.org/D556 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-3219.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "gnupg2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "WGvgNwrW2u5APZcidQ6v1Q==": { "id": "WGvgNwrW2u5APZcidQ6v1Q==", "updater": "rhel-vex", "name": "CVE-2026-27456", "description": "A flaw was found in util-linux. When an /etc/fstab entry is configured with the user,loop options, the `mount` program checks the file path with user permissions but later opens it with root privileges. This creates a brief Time-of-Check-Time-of-Use (TOCTOU) window where an attacker can substitute the intended file with a malicious symbolic link. This allows a local unprivileged user to mount any root-owned file or block device that contains a valid filesystem, gaining full read access to its contents.", "issued": "2026-04-03T21:23:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-27456 https://bugzilla.redhat.com/show_bug.cgi?id=2454956 https://www.cve.org/CVERecord?id=CVE-2026-27456 https://nvd.nist.gov/vuln/detail/CVE-2026-27456 https://github.com/util-linux/util-linux/commit/5e390467b26a3cf3fecc04e1a0d482dff3162fc4 https://github.com/util-linux/util-linux/releases/tag/v2.41.4 https://github.com/util-linux/util-linux/security/advisories/GHSA-qq4x-vfq4-9h9g https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-27456.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "util-linux", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "WcChSpNAL6V9Xfxc9AqW7g==": { "id": "WcChSpNAL6V9Xfxc9AqW7g==", "updater": "rhel-vex", "name": "CVE-2025-15469", "description": "A flaw was found in openssl. When a user signs or verifies files larger than 16MB using the `openssl dgst` command with one-shot algorithms, the tool silently truncates the input to 16MB. This creates an integrity gap, allowing trailing data beyond the initial 16MB to be modified without detection because it remains unauthenticated. This vulnerability primarily impacts workflows that both sign and verify files using the affected `openssl dgst` command.", "issued": "2026-01-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-15469 https://bugzilla.redhat.com/show_bug.cgi?id=2430378 https://www.cve.org/CVERecord?id=CVE-2025-15469 https://nvd.nist.gov/vuln/detail/CVE-2025-15469 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-15469.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "Wp4+QBQm4nhI8rQxVklEXw==": { "id": "Wp4+QBQm4nhI8rQxVklEXw==", "updater": "rhel-vex", "name": "CVE-2025-4878", "description": "A vulnerability was found in libssh, where an uninitialized variable exists under certain conditions in the privatekey_from_file() function. This flaw can be triggered if the file specified by the filename doesn't exist and may lead to possible signing failures or heap corruption.", "issued": "2025-06-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-4878 https://bugzilla.redhat.com/show_bug.cgi?id=2376184 https://www.cve.org/CVERecord?id=CVE-2025-4878 https://nvd.nist.gov/vuln/detail/CVE-2025-4878 https://git.libssh.org/projects/libssh.git/commit/?id=697650caa97eaf7623924c75f9fcfec6dd423cd1 https://git.libssh.org/projects/libssh.git/commit/?id=b35ee876adc92a208d47194772e99f9c71e0bedb https://www.libssh.org/security/advisories/CVE-2025-4878.txt https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-4878.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "libssh", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "XBiy/XVR6SoThCkYUmkD1g==": { "id": "XBiy/XVR6SoThCkYUmkD1g==", "updater": "rhel-vex", "name": "CVE-2026-33056", "description": "A flaw was found in tar-rs, a Rust library for reading and writing tar archives. When unpacking a crafted tar archive, an attacker can exploit a symbolic link vulnerability. By including a symlink followed by a directory with the same name, the library incorrectly applies file permissions to the symlink's target. This allows an attacker to modify the permissions of arbitrary directories outside the intended extraction location.", "issued": "2026-03-20T07:11:10Z", "links": "https://access.redhat.com/security/cve/CVE-2026-33056 https://bugzilla.redhat.com/show_bug.cgi?id=2449490 https://www.cve.org/CVERecord?id=CVE-2026-33056 https://nvd.nist.gov/vuln/detail/CVE-2026-33056 https://github.com/alexcrichton/tar-rs/commit/17b1fd84e632071cb8eef9d3709bf347bd266446 https://github.com/alexcrichton/tar-rs/security/advisories/GHSA-j4xf-2g29-59ph https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-33056.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "tar", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "XXiaw1EwhFkuilI94EKiqQ==": { "id": "XXiaw1EwhFkuilI94EKiqQ==", "updater": "rhel-vex", "name": "CVE-2026-5713", "description": "A flaw was found in Python. A malicious Python process could exploit the \"profiling.sampling\" module and \"asyncio introspection capabilities\" to read and write memory addresses within a privileged process. This vulnerability occurs when the privileged process connects to the malicious process via its remote debugging feature, potentially leading to information disclosure and arbitrary code execution. Successful exploitation requires repeated connections, which may cause instability in the connecting process.", "issued": "2026-04-14T15:11:51Z", "links": "https://access.redhat.com/security/cve/CVE-2026-5713 https://bugzilla.redhat.com/show_bug.cgi?id=2458239 https://www.cve.org/CVERecord?id=CVE-2026-5713 https://nvd.nist.gov/vuln/detail/CVE-2026-5713 https://github.com/python/cpython/issues/148178 https://github.com/python/cpython/pull/148187 https://mail.python.org/archives/list/security-announce@python.org/thread/OG4RHARYSNIE22GGOMVMCRH76L5HKPLM/ https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-5713.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python3", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "XbpXfbeApuDuIKvY0/qWiA==": { "id": "XbpXfbeApuDuIKvY0/qWiA==", "updater": "rhel-vex", "name": "CVE-2026-3731", "description": "A flaw was found in libssh. A remote attacker could trigger an out-of-bounds read vulnerability in the SFTP Extension Name Handler by manipulating the `idx` argument in the `sftp_extensions_get_name` or `sftp_extensions_get_data` functions. This could lead to a Denial of Service (DoS), making the affected system unresponsive.", "issued": "2026-03-08T10:32:19Z", "links": "https://access.redhat.com/security/cve/CVE-2026-3731 https://bugzilla.redhat.com/show_bug.cgi?id=2445579 https://www.cve.org/CVERecord?id=CVE-2026-3731 https://nvd.nist.gov/vuln/detail/CVE-2026-3731 https://gitlab.com/libssh/libssh-mirror/-/commit/855a0853ad3abd4a6cd85ce06fce6d8d4c7a0b60 https://vuldb.com/?ctiid.349709 https://vuldb.com/?id.349709 https://vuldb.com/?submit.767120 https://www.libssh.org/files/0.12/libssh-0.12.0.tar.xz https://www.libssh.org/security/advisories/libssh-2026-sftp-extensions.txt https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-3731.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "libssh", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "XygysGe2kdlyCRQHM1fu3w==": { "id": "XygysGe2kdlyCRQHM1fu3w==", "updater": "rhel-vex", "name": "CVE-2025-5917", "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", "issued": "2025-05-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-5917 https://bugzilla.redhat.com/show_bug.cgi?id=2370874 https://www.cve.org/CVERecord?id=CVE-2025-5917 https://nvd.nist.gov/vuln/detail/CVE-2025-5917 https://github.com/libarchive/libarchive/pull/2588 https://github.com/libarchive/libarchive/releases/tag/v3.8.0 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-5917.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libarchive", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "YiJlkUTKf0/7+ORZMmQ2cw==": { "id": "YiJlkUTKf0/7+ORZMmQ2cw==", "updater": "rhel-vex", "name": "CVE-2025-25724", "description": "A flaw was found in the libarchive package. Affected versions of libarchive do not check a strftime return value, which can lead to a denial of service or unspecified other impacts via a crafted TAR archive that is read with a verbose value of 2. For example, the 100-byte buffer may not be sufficient for a custom locale.", "issued": "2025-03-02T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-25724 https://bugzilla.redhat.com/show_bug.cgi?id=2349221 https://www.cve.org/CVERecord?id=CVE-2025-25724 https://nvd.nist.gov/vuln/detail/CVE-2025-25724 https://gist.github.com/Ekkosun/a83870ce7f3b7813b9b462a395e8ad92 https://github.com/Ekkosun/pocs/blob/main/bsdtarbug https://github.com/libarchive/libarchive/blob/b439d586f53911c84be5e380445a8a259e19114c/tar/util.c#L751-L752 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-25724.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "libarchive", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "YoCxZvEp16Bt9LDv+Ficeg==": { "id": "YoCxZvEp16Bt9LDv+Ficeg==", "updater": "rhel-vex", "name": "CVE-2025-64506", "description": "A buffer over read flaw has been discovered in libpng. A heap buffer over-read vulnerability exists in libpng's png_write_image_8bit function when processing 8-bit images through the simplified write API with convert_to_8bit enabled. The vulnerability affects 8-bit grayscale+alpha, RGB/RGBA, and images with incomplete row data. A conditional guard incorrectly allows 8-bit input to enter code expecting 16-bit input, causing reads up to 2 bytes beyond allocated buffer boundaries.", "issued": "2025-11-24T23:41:09Z", "links": "https://access.redhat.com/security/cve/CVE-2025-64506 https://bugzilla.redhat.com/show_bug.cgi?id=2416906 https://www.cve.org/CVERecord?id=CVE-2025-64506 https://nvd.nist.gov/vuln/detail/CVE-2025-64506 https://github.com/pnggroup/libpng/commit/2bd84c019c300b78e811743fbcddb67c9d9bf821 https://github.com/pnggroup/libpng/pull/749 https://github.com/pnggroup/libpng/security/advisories/GHSA-qpr4-xm66-hww6 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-64506.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "java-17-openjdk", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "ZTGiJlkqcqrCLJSY/Sq8lA==": { "id": "ZTGiJlkqcqrCLJSY/Sq8lA==", "updater": "rhel-vex", "name": "CVE-2020-19186", "description": "A flaw has been identified in the ncurses library. This issue occurs when processing a crafted terminfo database, causing a buffer over-read, resulting in an application crash.", "issued": "2019-05-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2020-19186 https://bugzilla.redhat.com/show_bug.cgi?id=2234908 https://www.cve.org/CVERecord?id=CVE-2020-19186 https://nvd.nist.gov/vuln/detail/CVE-2020-19186 https://security.access.redhat.com/data/csaf/v2/vex/2020/cve-2020-19186.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "ncurses", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "ZdcpNqfrXAb14fwUEQLWGQ==": { "id": "ZdcpNqfrXAb14fwUEQLWGQ==", "updater": "rhel-vex", "name": "CVE-2026-41254", "description": "A flaw was found in Little CMS. An integer overflow in the `CubeSize` function within `cmslut.c` occurs because the overflow check is performed after the multiplication. An attacker could exploit this vulnerability by providing a specially crafted input, potentially leading to information disclosure or a denial of service (DoS), which makes the system unavailable to legitimate users.", "issued": "2026-04-18T06:43:13Z", "links": "https://access.redhat.com/security/cve/CVE-2026-41254 https://bugzilla.redhat.com/show_bug.cgi?id=2459420 https://www.cve.org/CVERecord?id=CVE-2026-41254 https://nvd.nist.gov/vuln/detail/CVE-2026-41254 https://abhinavagarwal07.github.io/posts/lcms2-cubesize-overflow/ https://github.com/mm2/Little-CMS/commit/da6110b1d14abc394633a388209abd5ebedd7ab0 https://github.com/mm2/Little-CMS/commit/e0641b1828d0a1af5ecb1b11fe22f24fceefd4bc https://github.com/mm2/Little-CMS/security/advisories/GHSA-4xp6-rcgg-m9qq https://www.openwall.com/lists/oss-security/2026/04/17/16 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-41254.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "java-17-openjdk", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "ZkEez7f24VNVhTaTCDhuEg==": { "id": "ZkEez7f24VNVhTaTCDhuEg==", "updater": "rhel-vex", "name": "CVE-2025-15468", "description": "A flaw was found in openssl. A remote attacker could trigger a NULL pointer dereference by sending an unknown or unsupported cipher ID during the client hello callback in applications using the QUIC (Quick UDP Internet Connections) protocol. This vulnerability, occurring when the SSL_CIPHER_find() function is called in this specific context, leads to an abnormal termination of the running process, causing a Denial of Service (DoS).", "issued": "2026-01-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-15468 https://bugzilla.redhat.com/show_bug.cgi?id=2430377 https://www.cve.org/CVERecord?id=CVE-2025-15468 https://nvd.nist.gov/vuln/detail/CVE-2025-15468 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-15468.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "ZlxfTVb/4bi6yWQ+JLaOnw==": { "id": "ZlxfTVb/4bi6yWQ+JLaOnw==", "updater": "rhel-vex", "name": "CVE-2026-2297", "description": "A flaw was found in CPython. This vulnerability allows a local user with low privileges to bypass security auditing mechanisms. The issue occurs because the SourcelessFileLoader component, responsible for handling older Python compiled files (.pyc), does not properly trigger system audit events. This oversight could enable malicious activities to go undetected, compromising the integrity of the system.", "issued": "2026-03-04T22:10:43Z", "links": "https://access.redhat.com/security/cve/CVE-2026-2297 https://bugzilla.redhat.com/show_bug.cgi?id=2444691 https://www.cve.org/CVERecord?id=CVE-2026-2297 https://nvd.nist.gov/vuln/detail/CVE-2026-2297 https://github.com/python/cpython/commit/482d6f8bdba9da3725d272e8bb4a2d25fb6a603e https://github.com/python/cpython/commit/a51b1b512de1d56b3714b65628a2eae2b07e535e https://github.com/python/cpython/commit/e58e9802b9bec5cdbf48fc9bf1da5f4fda482e86 https://github.com/python/cpython/issues/145506 https://github.com/python/cpython/pull/145507 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-2297.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "python3", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "Znm2hdK/FULQhTTGTVX59Q==": { "id": "Znm2hdK/FULQhTTGTVX59Q==", "updater": "rhel-vex", "name": "CVE-2026-3783", "description": "A flaw was found in curl. When an OAuth2 bearer token is used for an HTTP(S) transfer that redirects to a second URL, curl could unintentionally leak the token. This occurs if the second hostname has entries in the `.netrc` file, allowing the bearer token intended for the first host to be sent to the redirected host. This information disclosure could allow an attacker to gain unauthorized access.", "issued": "2026-03-11T10:09:08Z", "links": "https://access.redhat.com/security/cve/CVE-2026-3783 https://bugzilla.redhat.com/show_bug.cgi?id=2446450 https://www.cve.org/CVERecord?id=CVE-2026-3783 https://nvd.nist.gov/vuln/detail/CVE-2026-3783 http://www.openwall.com/lists/oss-security/2026/03/11/2 https://curl.se/docs/CVE-2026-3783.html https://curl.se/docs/CVE-2026-3783.json https://hackerone.com/reports/3583983 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-3783.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "curl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "Zp5q2R9PHTn/pmrn158k9A==": { "id": "Zp5q2R9PHTn/pmrn158k9A==", "updater": "rhel-vex", "name": "CVE-2026-41989", "description": "A flaw was found in Libgcrypt. A remote attacker could exploit this vulnerability by sending crafted Elliptic Curve Diffie-Hellman (ECDH) ciphertext to the `gcry_pk_decrypt` function. This can lead to a heap-based buffer overflow, potentially causing a denial of service (DoS) condition.", "issued": "2026-04-23T04:30:26Z", "links": "https://access.redhat.com/security/cve/CVE-2026-41989 https://bugzilla.redhat.com/show_bug.cgi?id=2461063 https://www.cve.org/CVERecord?id=CVE-2026-41989 https://nvd.nist.gov/vuln/detail/CVE-2026-41989 https://dev.gnupg.org/T8211 https://lists.gnupg.org/pipermail/gnupg-announce/2026q2/000503.html https://www.openwall.com/lists/oss-security/2026/04/21/1 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-41989.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libgcrypt", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "Zp9+pixFuNBueE2yO610gQ==": { "id": "Zp9+pixFuNBueE2yO610gQ==", "updater": "rhel-vex", "name": "CVE-2024-56433", "description": "A flaw was found in shadow-utils. Affected versions of shadow-utils establish a default /etc/subuid behavior, for example, uid 100000 through 165535 for the first user account, that can conflict with the uids of users defined on locally administered networks. This issue potentially leads to account takeover by leveraging newuidmap for access to an NFS home directory or same-host resources for remote logins by these local network users.", "issued": "2024-12-26T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-56433 https://bugzilla.redhat.com/show_bug.cgi?id=2334165 https://www.cve.org/CVERecord?id=CVE-2024-56433 https://nvd.nist.gov/vuln/detail/CVE-2024-56433 https://github.com/shadow-maint/shadow/blob/e2512d5741d4a44bdd81a8c2d0029b6222728cf0/etc/login.defs#L238-L241 https://github.com/shadow-maint/shadow/issues/1157 https://github.com/shadow-maint/shadow/releases/tag/4.4 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-56433.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "shadow-utils", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "ZvX4VR3jvMBd1Wq+RxNTgg==": { "id": "ZvX4VR3jvMBd1Wq+RxNTgg==", "updater": "rhel-vex", "name": "CVE-2020-35512", "description": "A use-after-free flaw was found in D-Bus when a system has multiple usernames sharing the same UID. When a set of policy rules references these usernames, D-Bus may free some memory in the heap, which is still used by data structures necessary for the other usernames sharing the UID, possibly leading to a crash or other undefined behaviors.", "issued": "2020-06-30T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2020-35512 https://bugzilla.redhat.com/show_bug.cgi?id=1909101 https://www.cve.org/CVERecord?id=CVE-2020-35512 https://nvd.nist.gov/vuln/detail/CVE-2020-35512 https://security.access.redhat.com/data/csaf/v2/vex/2020/cve-2020-35512.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "dbus", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "a067YUjLHWzR99JNl/RtGQ==": { "id": "a067YUjLHWzR99JNl/RtGQ==", "updater": "rhel-vex", "name": "CVE-2025-4598", "description": "A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process.\n\nA SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.", "issued": "2025-05-29T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-4598 https://bugzilla.redhat.com/show_bug.cgi?id=2369242 https://www.cve.org/CVERecord?id=CVE-2025-4598 https://nvd.nist.gov/vuln/detail/CVE-2025-4598 https://www.openwall.com/lists/oss-security/2025/05/29/3 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-4598.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "systemd", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "avzu5SRbIjcduH4QdmZ1gg==": { "id": "avzu5SRbIjcduH4QdmZ1gg==", "updater": "rhel-vex", "name": "CVE-2026-0966", "description": "The API function `ssh_get_hexa()` is vulnerable, when 0-lenght\ninput is provided to this function. This function is used internally\nin `ssh_get_fingerprint_hash()` and `ssh_print_hexa()` (deprecated),\nwhich is vulnerable to the same input (length is provided by the\ncalling application).\n\nThe function is also used internally in the gssapi code for logging\nthe OIDs received by the server during GSSAPI authentication. This\ncould be triggered remotely, when the server allows GSSAPI authentication\nand logging verbosity is set at least to SSH_LOG_PACKET (3). This\ncould cause self-DoS of the per-connection daemon process.", "issued": "2026-02-10T18:47:15Z", "links": "https://access.redhat.com/security/cve/CVE-2026-0966 https://bugzilla.redhat.com/show_bug.cgi?id=2433121 https://www.cve.org/CVERecord?id=CVE-2026-0966 https://nvd.nist.gov/vuln/detail/CVE-2026-0966 https://www.libssh.org/2026/02/10/libssh-0-12-0-and-0-11-4-security-releases/ https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-0966.json", "severity": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "libssh", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "cCowLuOsLfTMmPFOoqUVww==": { "id": "cCowLuOsLfTMmPFOoqUVww==", "updater": "rhel-vex", "name": "CVE-2024-0397", "description": "A vulnerability was found in Python. A defect was discovered in the Python “ssl” module where there is a memory race condition with the ssl.SSLContext methods “cert_store_stats()” and “get_ca_certs()”. The race condition can be triggered if the methods are called at the same time that certificates are loaded into the SSLContext, such as during the TLS handshake with a configured certificate directory.", "issued": "2024-06-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-0397 https://bugzilla.redhat.com/show_bug.cgi?id=2301891 https://www.cve.org/CVERecord?id=CVE-2024-0397 https://nvd.nist.gov/vuln/detail/CVE-2024-0397 https://mail.python.org/archives/list/security-announce@python.org/thread/BMAK5BCGKYWNJOACVUSLUF6SFGBIM4VP/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-0397.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "python3", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "cW+DgNrGAeRAwNB4wrDZhw==": { "id": "cW+DgNrGAeRAwNB4wrDZhw==", "updater": "rhel-vex", "name": "CVE-2026-22695", "description": "A flaw was found in libpng, a reference library for processing PNG (Portable Network Graphics) image files. A local attacker could exploit a heap buffer over-read vulnerability in the `png_image_finish_read` function by tricking a user into processing a specially crafted interlaced 16-bit PNG file with an 8-bit output format and non-minimal row stride. This could lead to a denial of service (DoS) and potentially information disclosure.", "issued": "2026-01-12T22:55:40Z", "links": "https://access.redhat.com/security/cve/CVE-2026-22695 https://bugzilla.redhat.com/show_bug.cgi?id=2428825 https://www.cve.org/CVERecord?id=CVE-2026-22695 https://nvd.nist.gov/vuln/detail/CVE-2026-22695 https://github.com/pnggroup/libpng/commit/218612ddd6b17944e21eda56caf8b4bf7779d1ea https://github.com/pnggroup/libpng/commit/e4f7ad4ea2 https://github.com/pnggroup/libpng/issues/778 https://github.com/pnggroup/libpng/security/advisories/GHSA-mmq5-27w3-rxpp https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-22695.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "java-17-openjdk", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "cqYWiTibDLM7aibErMKang==": { "id": "cqYWiTibDLM7aibErMKang==", "updater": "rhel-vex", "name": "CVE-2026-4437", "description": "A flaw was found in glibc (the GNU C Library). When an application uses the `gethostbyaddr` or `gethostbyaddr_r` functions with a `nsswitch.conf` configuration that specifies glibc's DNS backend, a remote attacker can send a specially crafted DNS (Domain Name System) response. This crafted response can cause the application to incorrectly interpret a non-answer section of the DNS response as a valid answer, leading to potential misbehavior or incorrect information processing.", "issued": "2026-03-20T19:59:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-4437 https://bugzilla.redhat.com/show_bug.cgi?id=2449777 https://www.cve.org/CVERecord?id=CVE-2026-4437 https://nvd.nist.gov/vuln/detail/CVE-2026-4437 https://sourceware.org/bugzilla/show_bug.cgi?id=34014 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-4437.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "crmilTSJ/pTSPBKY9EJmZg==": { "id": "crmilTSJ/pTSPBKY9EJmZg==", "updater": "rhel-vex", "name": "CVE-2025-14524", "description": "A flaw was found in curl. When an OAuth2 (Open Authorization) bearer token is used for an HTTP(S) transfer, and that transfer performs a cross-protocol redirect to a different scheme like IMAP, LDAP, POP3, or SMTP, curl might incorrectly pass the bearer token to the new target host. This could lead to information disclosure, where sensitive authentication tokens are exposed to unintended recipients.", "issued": "2026-01-07T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-14524 https://bugzilla.redhat.com/show_bug.cgi?id=2426407 https://www.cve.org/CVERecord?id=CVE-2025-14524 https://nvd.nist.gov/vuln/detail/CVE-2025-14524 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-14524.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "curl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "dYucp/SettSQd/Hpukj6pA==": { "id": "dYucp/SettSQd/Hpukj6pA==", "updater": "rhel-vex", "name": "CVE-2026-5545", "description": "A flaw was found in libcurl. An application using libcurl that performs an authenticated HTTP(S) request after a Negotiate-authenticated one to the same host may incorrectly reuse the previous connection. This authentication bypass vulnerability allows the second request to be sent over a connection authenticated with different credentials, potentially leading to unauthorized access or information disclosure.", "issued": "2026-04-29T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-5545 https://bugzilla.redhat.com/show_bug.cgi?id=2461204 https://www.cve.org/CVERecord?id=CVE-2026-5545 https://nvd.nist.gov/vuln/detail/CVE-2026-5545 https://curl.se/docs/CVE-2026-5545.html https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-5545.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "curl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "eCNdMtt9JN2Rrb8I23NIsA==": { "id": "eCNdMtt9JN2Rrb8I23NIsA==", "updater": "rhel-vex", "name": "CVE-2026-34990", "description": "A flaw was found in OpenPrinting CUPS. A local unprivileged user can exploit this vulnerability by coercing the `cupsd` service to authenticate to an attacker-controlled Internet Printing Protocol (IPP) service. This allows the user to create a persistent printer queue that can overwrite arbitrary files with root privileges. Successful exploitation can lead to privilege escalation and arbitrary root command execution.", "issued": "2026-04-03T21:14:09Z", "links": "https://access.redhat.com/security/cve/CVE-2026-34990 https://bugzilla.redhat.com/show_bug.cgi?id=2454947 https://www.cve.org/CVERecord?id=CVE-2026-34990 https://nvd.nist.gov/vuln/detail/CVE-2026-34990 https://github.com/OpenPrinting/cups/security/advisories/GHSA-c54j-2vqw-wpwp https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-34990.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "cups", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "eqoqeJN8gMUINJLH2PXP7g==": { "id": "eqoqeJN8gMUINJLH2PXP7g==", "updater": "rhel-vex", "name": "CVE-2018-1000654", "description": "GNU Libtasn1-4.13 libtasn1-4.13 version libtasn1-4.13, libtasn1-4.12 contains a DoS, specifically CPU usage will reach 100% when running asn1Paser against the POC due to an issue in _asn1_expand_object_id(p_tree), after a long time, the program will be killed. This attack appears to be exploitable via parsing a crafted file.", "issued": "2018-08-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2018-1000654 https://bugzilla.redhat.com/show_bug.cgi?id=1621972 https://www.cve.org/CVERecord?id=CVE-2018-1000654 https://nvd.nist.gov/vuln/detail/CVE-2018-1000654 https://security.access.redhat.com/data/csaf/v2/vex/2018/cve-2018-1000654.json", "severity": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libtasn1", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "fT6cIVRM+743nfHJKo4yuQ==": { "id": "fT6cIVRM+743nfHJKo4yuQ==", "updater": "rhel-vex", "name": "CVE-2026-6429", "description": "A flaw was found in libcurl. When configured to use a .netrc file for credentials and follow HTTP redirects, libcurl can inadvertently send the password from the initial connection to the redirected host. This sensitive information disclosure occurs when both the original and redirect URLs use clear text HTTP, are performed over the same HTTP proxy, and the same connection is reused. This vulnerability, categorized as an Exposure of Sensitive Information to an Unauthorized Actor (CWE-200), could allow an attacker to obtain user credentials.", "issued": "2026-04-29T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-6429 https://bugzilla.redhat.com/show_bug.cgi?id=2461205 https://www.cve.org/CVERecord?id=CVE-2026-6429 https://nvd.nist.gov/vuln/detail/CVE-2026-6429 https://curl.se/docs/CVE-2026-6429.html https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-6429.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "curl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "fXpWtuXNPi3tb2edhk37bw==": { "id": "fXpWtuXNPi3tb2edhk37bw==", "updater": "rhel-vex", "name": "CVE-2024-2236", "description": "A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.", "issued": "2024-03-06T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-2236 https://bugzilla.redhat.com/show_bug.cgi?id=2245218 https://www.cve.org/CVERecord?id=CVE-2024-2236 https://nvd.nist.gov/vuln/detail/CVE-2024-2236 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2236.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "libgcrypt", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "fayrPya6DVXP9weWvA6obQ==": { "id": "fayrPya6DVXP9weWvA6obQ==", "updater": "rhel-vex", "name": "CVE-2024-7264", "description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", "issued": "2024-07-31T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-7264 https://bugzilla.redhat.com/show_bug.cgi?id=2301888 https://www.cve.org/CVERecord?id=CVE-2024-7264 https://nvd.nist.gov/vuln/detail/CVE-2024-7264 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7264.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "curl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "fvGjL9hw9hDQockMTb7lrA==": { "id": "fvGjL9hw9hDQockMTb7lrA==", "updater": "rhel-vex", "name": "CVE-2021-4209", "description": "A NULL pointer dereference flaw was found in GnuTLS. As Nettle's hash update functions internally call memcpy, providing zero-length input may cause undefined behavior. This flaw leads to a denial of service after authentication in rare circumstances.", "issued": "2021-12-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-4209 https://bugzilla.redhat.com/show_bug.cgi?id=2044156 https://www.cve.org/CVERecord?id=CVE-2021-4209 https://nvd.nist.gov/vuln/detail/CVE-2021-4209 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-4209.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "gnutls", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "gaFOKxy9D9KR/Iyd+kDZoA==": { "id": "gaFOKxy9D9KR/Iyd+kDZoA==", "updater": "rhel-vex", "name": "CVE-2025-50182", "description": "A flaw was found in urllib3. The library fails to properly validate redirect URLs, allowing an attacker to manipulate redirect chains when used in environments like Pyodide utilizing the JavaScript Fetch API. This lack of validation can enable a remote attacker to control the redirect destination, leading to arbitrary URL redirection. Consequently, an attacker can redirect users to malicious websites. This \nvulnerability stems from a failure to constrain the redirect target.", "issued": "2025-06-19T01:42:44Z", "links": "https://access.redhat.com/security/cve/CVE-2025-50182 https://bugzilla.redhat.com/show_bug.cgi?id=2373800 https://www.cve.org/CVERecord?id=CVE-2025-50182 https://nvd.nist.gov/vuln/detail/CVE-2025-50182 https://github.com/urllib3/urllib3/commit/7eb4a2aafe49a279c29b6d1f0ed0f42e9736194f https://github.com/urllib3/urllib3/security/advisories/GHSA-48p4-8xcf-vxj5 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-50182.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python-pip", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "gagftKXuSuh9pi4dRu9yPQ==": { "id": "gagftKXuSuh9pi4dRu9yPQ==", "updater": "rhel-vex", "name": "CVE-2024-2511", "description": "A flaw was found in OpenSSL. A malicious client can trigger an uncontrolled memory consumption, resulting in a Denial of Service. This issue occurs due to OpenSSL's TLSv1.3 session cache going into an incorrect state, leading to it failing to flush properly as it fills. OpenSSL must be configured with the non-default SSL_OP_NO_TICKET option enabled to be vulnerable. This issue only affects TLSv1.3 servers, while TLS clients are not affected.", "issued": "2024-04-08T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-2511 https://bugzilla.redhat.com/show_bug.cgi?id=2274020 https://www.cve.org/CVERecord?id=CVE-2024-2511 https://nvd.nist.gov/vuln/detail/CVE-2024-2511 https://www.openssl.org/news/vulnerabilities.html https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2511.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "h6rS2s3xilGaG0a+pIjl8A==": { "id": "h6rS2s3xilGaG0a+pIjl8A==", "updater": "rhel-vex", "name": "CVE-2026-3644", "description": "A control character validation flaw has been discovered in the Python http.cookie module. The Morsel.update(), |= operator, and unpickling paths were not patched to resolve CVE-2026-0672, allowing control characters to bypass input validation. Additionally, BaseCookie.js_output() lacked the output validation applied to BaseCookie.output().", "issued": "2026-03-16T17:37:31Z", "links": "https://access.redhat.com/security/cve/CVE-2026-3644 https://bugzilla.redhat.com/show_bug.cgi?id=2448168 https://www.cve.org/CVERecord?id=CVE-2026-3644 https://nvd.nist.gov/vuln/detail/CVE-2026-3644 https://github.com/python/cpython/commit/57e88c1cf95e1481b94ae57abe1010469d47a6b4 https://github.com/python/cpython/issues/145599 https://github.com/python/cpython/pull/145600 https://mail.python.org/archives/list/security-announce@python.org/thread/H6CADMBCDRFGWCMOXWUIHFJNV43GABJ7/ https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-3644.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python3", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "hfBpyVezkUAf98QWnlvzIA==": { "id": "hfBpyVezkUAf98QWnlvzIA==", "updater": "rhel-vex", "name": "CVE-2026-34743", "description": "A flaw was found in XZ Utils. When the `lzma_index_decoder()` function processes an empty index, and a subsequent `lzma_index_append()` operation is performed, insufficient memory is allocated. This can lead to a buffer overflow, potentially causing a denial of service (DoS) for affected systems.", "issued": "2026-04-02T18:36:37Z", "links": "https://access.redhat.com/security/cve/CVE-2026-34743 https://bugzilla.redhat.com/show_bug.cgi?id=2454589 https://www.cve.org/CVERecord?id=CVE-2026-34743 https://nvd.nist.gov/vuln/detail/CVE-2026-34743 https://github.com/tukaani-project/xz/commit/c8c22869e780ff57c96b46939c3d79ff99395f87 https://github.com/tukaani-project/xz/releases/tag/v5.8.3 https://github.com/tukaani-project/xz/security/advisories/GHSA-x872-m794-cxhv https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-34743.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "xz", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "hkP7fdNBNcMv5alTtw0c+Q==": { "id": "hkP7fdNBNcMv5alTtw0c+Q==", "updater": "rhel-vex", "name": "CVE-2025-13151", "description": "A flaw was found in libtasn1. A remote attacker could exploit a stack-based buffer overflow vulnerability in the `asn1_expend_octet_string` function. This occurs due to a failure in validating the size of input data. Successful exploitation can lead to a Denial of Service (DoS) condition, making the affected system or application unavailable.", "issued": "2026-01-07T21:14:05Z", "links": "https://access.redhat.com/security/cve/CVE-2025-13151 https://bugzilla.redhat.com/show_bug.cgi?id=2427698 https://www.cve.org/CVERecord?id=CVE-2025-13151 https://nvd.nist.gov/vuln/detail/CVE-2025-13151 https://gitlab.com/gnutls/libtasn1 https://gitlab.com/gnutls/libtasn1/-/merge_requests/121 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-13151.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "libtasn1", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "ho4M6//kfDyE5kZ9fbpV0g==": { "id": "ho4M6//kfDyE5kZ9fbpV0g==", "updater": "rhel-vex", "name": "CVE-2025-14819", "description": "A flaw was found in libcurl. When handling secure connections (TLS) and reusing connection settings, libcurl could incorrectly apply a cached security setting related to certificate chain validation. This could allow libcurl to accept a server's security certificate that it should have otherwise rejected, potentially compromising the integrity of the secure connection.", "issued": "2026-01-07T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-14819 https://bugzilla.redhat.com/show_bug.cgi?id=2426408 https://www.cve.org/CVERecord?id=CVE-2025-14819 https://nvd.nist.gov/vuln/detail/CVE-2025-14819 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-14819.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "curl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "iEGZHZXt8HWPSM5eJesddQ==": { "id": "iEGZHZXt8HWPSM5eJesddQ==", "updater": "rhel-vex", "name": "CVE-2025-7039", "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", "issued": "2025-07-02T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-7039 https://bugzilla.redhat.com/show_bug.cgi?id=2392423 https://www.cve.org/CVERecord?id=CVE-2025-7039 https://nvd.nist.gov/vuln/detail/CVE-2025-7039 https://gitlab.gnome.org/GNOME/glib/-/issues/3716 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-7039.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "glib2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "icj6a8bc4dYK/DJNvkU0+A==": { "id": "icj6a8bc4dYK/DJNvkU0+A==", "updater": "rhel-vex", "name": "CVE-2022-41409", "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "issued": "2023-07-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-41409 https://bugzilla.redhat.com/show_bug.cgi?id=2260814 https://www.cve.org/CVERecord?id=CVE-2022-41409 https://nvd.nist.gov/vuln/detail/CVE-2022-41409 https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35 https://github.com/PCRE2Project/pcre2/issues/141 https://github.com/advisories/GHSA-4qfx-v7wh-3q4j https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-41409.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "pcre2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "ieASPdYzGxWke8nZZhE02Q==": { "id": "ieASPdYzGxWke8nZZhE02Q==", "updater": "rhel-vex", "name": "CVE-2018-20657", "description": "A vulnerability was found in the demangle_template function in GNU libiberty, as distributed in GNU Binutils, where a memory leak could occur, a specially crafted file could cause the application to consume excessive memory, potentially leading to a crash.", "issued": "2018-12-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2018-20657 https://bugzilla.redhat.com/show_bug.cgi?id=1664708 https://www.cve.org/CVERecord?id=CVE-2018-20657 https://nvd.nist.gov/vuln/detail/CVE-2018-20657 https://security.access.redhat.com/data/csaf/v2/vex/2018/cve-2018-20657.json", "severity": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "gcc", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "j1KIfSLRyAo+5FqbDzJbtg==": { "id": "j1KIfSLRyAo+5FqbDzJbtg==", "updater": "rhel-vex", "name": "CVE-2025-5278", "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", "issued": "2025-05-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-5278 https://bugzilla.redhat.com/show_bug.cgi?id=2368764 https://www.cve.org/CVERecord?id=CVE-2025-5278 https://nvd.nist.gov/vuln/detail/CVE-2025-5278 https://cgit.git.savannah.gnu.org/cgit/coreutils.git/commit/?id=8c9602e3a145e9596dc1a63c6ed67865814b6633 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-5278.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "coreutils", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "jguV9kU5iHC5V/cF3+b/tg==": { "id": "jguV9kU5iHC5V/cF3+b/tg==", "updater": "rhel-vex", "name": "CVE-2025-3360", "description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", "issued": "2025-04-07T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-3360 https://bugzilla.redhat.com/show_bug.cgi?id=2357754 https://www.cve.org/CVERecord?id=CVE-2025-3360 https://nvd.nist.gov/vuln/detail/CVE-2025-3360 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-3360.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "glib2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "jw1ZiDut5Ot+DyVFjCrixg==": { "id": "jw1ZiDut5Ot+DyVFjCrixg==", "updater": "rhel-vex", "name": "CVE-2020-19188", "description": "A flaw was found in the ncurses library. This issue occurs when processing a crafted terminfo database, causing a stack-based buffer overflow, resulting in an application crash, leading to a denial of service.", "issued": "2019-05-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2020-19188 https://bugzilla.redhat.com/show_bug.cgi?id=2234913 https://www.cve.org/CVERecord?id=CVE-2020-19188 https://nvd.nist.gov/vuln/detail/CVE-2020-19188 https://security.access.redhat.com/data/csaf/v2/vex/2020/cve-2020-19188.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "ncurses", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "kCsMurCi7F77HxJoLqd9jA==": { "id": "kCsMurCi7F77HxJoLqd9jA==", "updater": "rhel-vex", "name": "CVE-2026-34978", "description": "A flaw was found in OpenPrinting CUPS. A remote attacker can exploit a path traversal vulnerability in the RSS notifier by manipulating the `notify-recipient-uri`. This allows writing arbitrary RSS XML data to sensitive files outside the intended directory. This can lead to a denial of service (DoS) by corrupting critical system files, such as the job cache, causing the scheduler to fail and previously queued jobs to disappear.", "issued": "2026-04-03T21:15:15Z", "links": "https://access.redhat.com/security/cve/CVE-2026-34978 https://bugzilla.redhat.com/show_bug.cgi?id=2454957 https://www.cve.org/CVERecord?id=CVE-2026-34978 https://nvd.nist.gov/vuln/detail/CVE-2026-34978 https://github.com/OpenPrinting/cups/security/advisories/GHSA-f53q-7mxp-9gcr https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-34978.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "cups", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "kYYDrncBncmKkmFnSd5t3w==": { "id": "kYYDrncBncmKkmFnSd5t3w==", "updater": "rhel-vex", "name": "CVE-2017-6519", "description": "avahi-daemon in Avahi through 0.6.32 and 0.7 inadvertently responds to IPv6 unicast queries with source addresses that are not on-link, which allows remote attackers to cause a denial of service (traffic amplification) and may cause information leakage by obtaining potentially sensitive information from the responding device via port-5353 UDP packets. NOTE: this may overlap CVE-2015-2809.", "issued": "2015-03-31T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2017-6519 https://bugzilla.redhat.com/show_bug.cgi?id=1426712 https://www.cve.org/CVERecord?id=CVE-2017-6519 https://nvd.nist.gov/vuln/detail/CVE-2017-6519 https://www.kb.cert.org/vuls/id/550620 https://security.access.redhat.com/data/csaf/v2/vex/2017/cve-2017-6519.json", "severity": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "avahi", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "klCkJxhhNVG564GOUQMh+Q==": { "id": "klCkJxhhNVG564GOUQMh+Q==", "updater": "rhel-vex", "name": "CVE-2026-5745", "description": "A flaw was found in libarchive. A NULL pointer dereference vulnerability exists in the ACL parsing logic, specifically within the archive_acl_from_text_nl() function. When processing a malformed ACL string (such as a bare \"d\" or \"default\" tag without subsequent fields), the function fails to perform adequate validation before advancing the pointer. An attacker can exploit this by providing a maliciously crafted archive, causing an application utilizing the libarchive API (such as bsdtar) to crash, resulting in a Denial of Service (DoS).", "issued": "2026-04-07T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-5745 https://bugzilla.redhat.com/show_bug.cgi?id=2455921 https://www.cve.org/CVERecord?id=CVE-2026-5745 https://nvd.nist.gov/vuln/detail/CVE-2026-5745 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-5745.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libarchive", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "m8ueKfgkaYIYTU+xtIQcwA==": { "id": "m8ueKfgkaYIYTU+xtIQcwA==", "updater": "rhel-vex", "name": "CVE-2022-3857", "description": "[REJECTED CVE] A issue has been identified with libpng in png_setup_paeth_row() function. A crafted PNG image from a n attacker can lead to a segmentation fault and Denial of service.", "issued": "2022-11-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-3857 https://bugzilla.redhat.com/show_bug.cgi?id=2142600 https://www.cve.org/CVERecord?id=CVE-2022-3857 https://nvd.nist.gov/vuln/detail/CVE-2022-3857 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-3857.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "java-17-openjdk", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "mRazAXjBcgFrTolNDZHDsA==": { "id": "mRazAXjBcgFrTolNDZHDsA==", "updater": "rhel-vex", "name": "CVE-2025-6069", "description": "A denial-of-service (DoS) vulnerability has been discovered in Python's html.parser.HTMLParser class. When processing specially malformed HTML input, the parsing runtime can become quadratic with respect to the input size. This significantly increased processing time can lead to excessive resource consumption, ultimately causing a denial-of-service condition in applications that rely on this parser.", "issued": "2025-06-17T13:39:46Z", "links": "https://access.redhat.com/security/cve/CVE-2025-6069 https://bugzilla.redhat.com/show_bug.cgi?id=2373234 https://www.cve.org/CVERecord?id=CVE-2025-6069 https://nvd.nist.gov/vuln/detail/CVE-2025-6069 https://github.com/python/cpython/commit/4455cbabf991e202185a25a631af206f60bbc949 https://github.com/python/cpython/commit/6eb6c5dbfb528bd07d77b60fd71fd05d81d45c41 https://github.com/python/cpython/commit/d851f8e258c7328814943e923a7df81bca15df4b https://github.com/python/cpython/issues/135462 https://github.com/python/cpython/pull/135464 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-6069.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "python3", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "mouoWVvs12H8FynnB5qIsQ==": { "id": "mouoWVvs12H8FynnB5qIsQ==", "updater": "rhel-vex", "name": "CVE-2019-14250", "description": "This issue resides on libiberty code, a part of binutils, distributed with different versions of RH software. The vulnerability is triggered when the shstrndx (Section Header String Table Index) is zero in the ELF file. This specific condition leads to the integer overflow and subsequent buffer overflow.", "issued": "2019-08-09T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2019-14250 https://bugzilla.redhat.com/show_bug.cgi?id=1739490 https://www.cve.org/CVERecord?id=CVE-2019-14250 https://nvd.nist.gov/vuln/detail/CVE-2019-14250 https://security.access.redhat.com/data/csaf/v2/vex/2019/cve-2019-14250.json", "severity": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "gcc", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "n+SYCf6UN4VyD5OPJagpTA==": { "id": "n+SYCf6UN4VyD5OPJagpTA==", "updater": "rhel-vex", "name": "CVE-2026-33846", "description": "A heap buffer overflow vulnerability exists in the DTLS handshake fragment reassembly logic of GnuTLS. The issue arises in merge_handshake_packet() where incoming handshake fragments are matched and merged based solely on handshake type, without validating that the message_length field remains consistent across all fragments of the same logical message. An attacker can exploit this by sending crafted DTLS fragments with conflicting message_length values, causing the implementation to allocate a buffer based on a smaller initial fragment and subsequently write beyond its bounds using larger, inconsistent fragments. Because the merge operation does not enforce proper bounds checking against the allocated buffer size, this results in an out-of-bounds write on the heap. The vulnerability is remotely exploitable without authentication via the DTLS handshake path and can lead to application crashes or potential memory corruption.", "issued": "2026-05-04T08:53:59Z", "links": "https://access.redhat.com/security/cve/CVE-2026-33846 https://bugzilla.redhat.com/show_bug.cgi?id=2450625 https://www.cve.org/CVERecord?id=CVE-2026-33846 https://nvd.nist.gov/vuln/detail/CVE-2026-33846 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-33846.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "gnutls", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "n83jaRl/T6kiaoMyWtX8xw==": { "id": "n83jaRl/T6kiaoMyWtX8xw==", "updater": "rhel-vex", "name": "CVE-2021-24032", "description": "A flaw was found in zstd. While the final file mode is reflective of the input file, when compressing or uncompressing, the file can temporarily gain greater permissions than the input and potentially leading to security issues (especially if large files are being handled).", "issued": "2021-02-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-24032 https://bugzilla.redhat.com/show_bug.cgi?id=1928090 https://www.cve.org/CVERecord?id=CVE-2021-24032 https://nvd.nist.gov/vuln/detail/CVE-2021-24032 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-24032.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "zstd", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "nYtstWEUOCTbjAlmYOKURA==": { "id": "nYtstWEUOCTbjAlmYOKURA==", "updater": "rhel-vex", "name": "CVE-2025-4516", "description": "A vulnerability has been identified in CPython's bytes.decode() function when used with the \"unicode_escape\" encoding and the \"ignore\" or \"replace\" error handling modes. This flaw can result in the incorrect decoding of byte strings. While this may not directly lead to traditional security breaches like data exfiltration, the resulting unexpected program behavior could introduce instability, logic errors, or unintended side effects within applications that rely on this specific decoding functionality.", "issued": "2025-05-15T13:29:20Z", "links": "https://access.redhat.com/security/cve/CVE-2025-4516 https://bugzilla.redhat.com/show_bug.cgi?id=2366509 https://www.cve.org/CVERecord?id=CVE-2025-4516 https://nvd.nist.gov/vuln/detail/CVE-2025-4516 https://github.com/python/cpython/commit/69b4387f78f413e8c47572a85b3478c47eba8142 https://github.com/python/cpython/commit/9f69a58623bd01349a18ba0c7a9cb1dad6a51e8e https://github.com/python/cpython/issues/133767 https://github.com/python/cpython/pull/129648 https://mail.python.org/archives/list/security-announce@python.org/thread/L75IPBBTSCYEF56I2M4KIW353BB3AY74/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-4516.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "python3", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "ngbKDtxhn33NKWC2lhOQNQ==": { "id": "ngbKDtxhn33NKWC2lhOQNQ==", "updater": "rhel-vex", "name": "CVE-2026-1485", "description": "A flaw was found in Glib's content type parsing logic. This buffer underflow vulnerability occurs because the length of a header line is stored in a signed integer, which can lead to integer wraparound for very large inputs. This results in pointer underflow and out-of-bounds memory access. Exploitation requires a local user to install or process a specially crafted treemagic file, which can lead to local denial of service or application instability.", "issued": "2026-01-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-1485 https://bugzilla.redhat.com/show_bug.cgi?id=2433325 https://www.cve.org/CVERecord?id=CVE-2026-1485 https://nvd.nist.gov/vuln/detail/CVE-2026-1485 https://gitlab.gnome.org/GNOME/glib/-/issues/3871 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-1485.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "glib2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "nhJPQpDYg9We/U8oBJw4JQ==": { "id": "nhJPQpDYg9We/U8oBJw4JQ==", "updater": "rhel-vex", "name": "CVE-2026-6019", "description": "A flaw was found in Python's `http.cookies` module. The `Morsel.js_output()` function, responsible for generating JavaScript output for cookies, does not properly neutralize the `\u003c/script\u003e` HTML sequence. This oversight could allow a remote attacker to inject malicious script into a web page, potentially leading to Cross-Site Scripting (XSS) attacks. Such an attack could result in information disclosure or arbitrary code execution within the user's browser.", "issued": "2026-04-22T19:28:08Z", "links": "https://access.redhat.com/security/cve/CVE-2026-6019 https://bugzilla.redhat.com/show_bug.cgi?id=2460869 https://www.cve.org/CVERecord?id=CVE-2026-6019 https://nvd.nist.gov/vuln/detail/CVE-2026-6019 https://github.com/python/cpython/commit/76b3923d688c0efc580658476c5f525ec8735104 https://github.com/python/cpython/issues/90309 https://github.com/python/cpython/pull/148848 https://mail.python.org/archives/list/security-announce@python.org/thread/IVNWGV2BBNC3RHQAFS22UP4DY56SAXX3/ https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-6019.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python3", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "npBrFSWnZYxq9cizdfDfCQ==": { "id": "npBrFSWnZYxq9cizdfDfCQ==", "updater": "rhel-vex", "name": "CVE-2026-1489", "description": "A flaw was found in GLib. An integer overflow vulnerability in its Unicode case conversion implementation can lead to memory corruption. By processing specially crafted and extremely large Unicode strings, an attacker could trigger an undersized memory allocation, resulting in out-of-bounds writes. This could cause applications utilizing GLib for string conversion to crash or become unstable.", "issued": "2026-01-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-1489 https://bugzilla.redhat.com/show_bug.cgi?id=2433348 https://www.cve.org/CVERecord?id=CVE-2026-1489 https://nvd.nist.gov/vuln/detail/CVE-2026-1489 https://gitlab.gnome.org/GNOME/glib/-/issues/3872 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-1489.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "glib2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "npQpPXYG8xMJ1LRSVSnKGA==": { "id": "npQpPXYG8xMJ1LRSVSnKGA==", "updater": "rhel-vex", "name": "CVE-2025-8114", "description": "A flaw was found in libssh, a library that implements the SSH protocol. When calculating the session ID during the key exchange (KEX) process, an allocation failure in cryptographic functions may lead to a NULL pointer dereference. This issue can cause the client or server to crash.", "issued": "2025-07-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-8114 https://bugzilla.redhat.com/show_bug.cgi?id=2383220 https://www.cve.org/CVERecord?id=CVE-2025-8114 https://nvd.nist.gov/vuln/detail/CVE-2025-8114 https://git.libssh.org/projects/libssh.git/commit/?id=53ac23ded4cb2c5463f6c4cd1525331bd578812d https://git.libssh.org/projects/libssh.git/commit/?id=65f363c9 https://www.libssh.org/security/advisories/CVE-2025-8114.txt https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-8114.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libssh", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "p2qAiuM4AsdQ5J4fBWvbBA==": { "id": "p2qAiuM4AsdQ5J4fBWvbBA==", "updater": "rhel-vex", "name": "CVE-2025-14512", "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", "issued": "2025-12-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-14512 https://bugzilla.redhat.com/show_bug.cgi?id=2421339 https://www.cve.org/CVERecord?id=CVE-2025-14512 https://nvd.nist.gov/vuln/detail/CVE-2025-14512 https://gitlab.gnome.org/GNOME/glib/-/issues/3845 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-14512.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glib2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "pjb5LKdJAfqIzj4N6YBwUQ==": { "id": "pjb5LKdJAfqIzj4N6YBwUQ==", "updater": "rhel-vex", "name": "CVE-2024-11053", "description": "A flaw was found in curl. A logic error when processing credentials from the .netrc file while performing redirects allows the transfer of credentials from the original host to the followed-to host under certain circumstances, leaking the credentials to the followed-to host.", "issued": "2024-12-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-11053 https://bugzilla.redhat.com/show_bug.cgi?id=2331191 https://www.cve.org/CVERecord?id=CVE-2024-11053 https://nvd.nist.gov/vuln/detail/CVE-2024-11053 https://www.oracle.com/security-alerts/cpujan2025.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-11053.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "curl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "qC/lM94bJkHuTCcx6Z47mQ==": { "id": "qC/lM94bJkHuTCcx6Z47mQ==", "updater": "rhel-vex", "name": "CVE-2026-32778", "description": "A flaw was found in libexpat. This vulnerability allows an attacker to trigger a NULL pointer dereference in the `setContext` function. This occurs when the system attempts to retry an operation after an out-of-memory condition, which can lead to a Denial of Service (DoS) for the affected application.", "issued": "2026-03-16T07:02:34Z", "links": "https://access.redhat.com/security/cve/CVE-2026-32778 https://bugzilla.redhat.com/show_bug.cgi?id=2447885 https://www.cve.org/CVERecord?id=CVE-2026-32778 https://nvd.nist.gov/vuln/detail/CVE-2026-32778 https://github.com/libexpat/libexpat/pull/1159 https://github.com/libexpat/libexpat/pull/1163 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-32778.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "expat", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "qS+8YNw5cEHn5bXG24Qmgg==": { "id": "qS+8YNw5cEHn5bXG24Qmgg==", "updater": "rhel-vex", "name": "CVE-2026-5928", "description": "A flaw was found in glibc (GNU C Library). When the `ungetwc` function is called on a file stream using wide characters with specific overlapping single-byte and multi-byte encodings, it may attempt to read data outside of its allocated buffer. This can lead to the unintentional disclosure of sensitive information from memory or cause the program to crash, resulting in a denial of service.", "issued": "2026-04-20T20:37:31Z", "links": "https://access.redhat.com/security/cve/CVE-2026-5928 https://bugzilla.redhat.com/show_bug.cgi?id=2459854 https://www.cve.org/CVERecord?id=CVE-2026-5928 https://nvd.nist.gov/vuln/detail/CVE-2026-5928 https://sourceware.org/bugzilla/show_bug.cgi?id=33998 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-5928.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "qXNASosSuCsudML1MqXPjw==": { "id": "qXNASosSuCsudML1MqXPjw==", "updater": "rhel-vex", "name": "CVE-2023-27534", "description": "A path traversal vulnerability exists in curl \u003c8.0.0 SFTP implementation causes the tilde (~) character to be wrongly replaced when used as a prefix in the first path element, in addition to its intended use as the first element to indicate a path relative to the user's home directory. Attackers can exploit this flaw to bypass filtering or execute arbitrary code by crafting a path like /~2/foo while accessing a server with a specific user.", "issued": "2023-03-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-27534 https://bugzilla.redhat.com/show_bug.cgi?id=2179069 https://www.cve.org/CVERecord?id=CVE-2023-27534 https://nvd.nist.gov/vuln/detail/CVE-2023-27534 https://curl.se/docs/CVE-2023-27534.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-27534.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "curl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "qv1CBAIhzNsoWe8hSWlF1g==": { "id": "qv1CBAIhzNsoWe8hSWlF1g==", "updater": "rhel-vex", "name": "CVE-2026-28390", "description": "A flaw was found in OpenSSL. A remote attacker could exploit this vulnerability by sending a specially crafted Cryptographic Message Syntax (CMS) EnvelopedData message. During the processing of a KeyTransportRecipientInfo with RSA-OAEP encryption, the system attempts to access an optional parameter field without first verifying its presence. This leads to a NULL pointer dereference, which can cause applications processing the attacker-controlled CMS data to crash, resulting in a Denial of Service (DoS).", "issued": "2026-04-07T22:00:54Z", "links": "https://access.redhat.com/security/cve/CVE-2026-28390 https://bugzilla.redhat.com/show_bug.cgi?id=2456314 https://www.cve.org/CVERecord?id=CVE-2026-28390 https://nvd.nist.gov/vuln/detail/CVE-2026-28390 https://github.com/openssl/openssl/commit/01194a8f1941115cd0383bfa91c736dd3993c8bc https://github.com/openssl/openssl/commit/2e39b7a6993be445fddb9fbce316fa756e0397b6 https://github.com/openssl/openssl/commit/af2a5fecd3e71a29e7568f9c1453dec5cebbaff4 https://github.com/openssl/openssl/commit/ea7b4ea4f9f853521ba34830cbcadc970d2e0788 https://github.com/openssl/openssl/commit/fd2f1a6cf53b9ceeca723a001aa4b825d7c7ee75 https://openssl-library.org/news/secadv/20260407.txt https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-28390.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "rCI1GSL47zJlliQotxXM4Q==": { "id": "rCI1GSL47zJlliQotxXM4Q==", "updater": "rhel-vex", "name": "CVE-2026-2673", "description": "A key group selection preference flaw has been discovered in OpenSSL. An OpenSSL TLS 1.3 server may fail to negotiate the expected preferred key exchange group when its key exchange group configuration includes the default by using the \"DEFAULT\" keyword. A less preferred key exchange may be used even when a more preferred group is supported by both client and server, if the group was not included among the client's initial predicated keyshares. This will sometimes be the case with the new hybrid post-quantum groups, if the client chooses to defer their use until specifically requested by the server. No OpenSSL FIPS modules are affected by this issue, the code in question lies outside the FIPS boundary.", "issued": "2026-03-13T13:23:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-2673 https://bugzilla.redhat.com/show_bug.cgi?id=2447327 https://www.cve.org/CVERecord?id=CVE-2026-2673 https://nvd.nist.gov/vuln/detail/CVE-2026-2673 https://github.com/openssl/openssl/commit/2157c9d81f7b0bd7dfa25b960e928ec28e8dd63f https://github.com/openssl/openssl/commit/85977e013f32ceb96aa034c0e741adddc1a05e34 https://openssl-library.org/news/secadv/20260313.txt https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-2673.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "rEd6JdG2xx5NZ9bcsFRNpw==": { "id": "rEd6JdG2xx5NZ9bcsFRNpw==", "updater": "rhel-vex", "name": "CVE-2026-28388", "description": "A flaw was found in OpenSSL. When processing a malformed delta Certificate Revocation List (CRL) that lacks a required CRL Number extension, a NULL pointer dereference can occur. This vulnerability can be exploited by a remote attacker who provides a specially crafted delta CRL to an application that has delta CRL processing enabled, leading to a Denial of Service (DoS) for the application.", "issued": "2026-04-07T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-28388 https://bugzilla.redhat.com/show_bug.cgi?id=2451097 https://www.cve.org/CVERecord?id=CVE-2026-28388 https://nvd.nist.gov/vuln/detail/CVE-2026-28388 https://openssl-library.org/news/secadv/20260407.txt https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-28388.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "rEg00U8+//igCt+0+QBUhA==": { "id": "rEg00U8+//igCt+0+QBUhA==", "updater": "rhel-vex", "name": "CVE-2023-50495", "description": "A vulnerability was found in the NCurses package, where a segmentation fault may be triggered through _nc_wrap_entry().", "issued": "2023-12-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-50495 https://bugzilla.redhat.com/show_bug.cgi?id=2254244 https://www.cve.org/CVERecord?id=CVE-2023-50495 https://nvd.nist.gov/vuln/detail/CVE-2023-50495 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-50495.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "ncurses", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "rVgBV65FWtFg3jitEqotFA==": { "id": "rVgBV65FWtFg3jitEqotFA==", "updater": "rhel-vex", "name": "CVE-2024-0727", "description": "A flaw was found in OpenSSL. The optional ContentInfo fields can be set to null, even if the \"type\" is a valid value, which can lead to a null dereference error that may cause a denial of service.", "issued": "2024-01-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-0727 https://bugzilla.redhat.com/show_bug.cgi?id=2259944 https://www.cve.org/CVERecord?id=CVE-2024-0727 https://nvd.nist.gov/vuln/detail/CVE-2024-0727 https://github.com/openssl/openssl/pull/23362 https://www.openssl.org/news/secadv/20240125.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-0727.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "raKuHZN4AggeEUt0ItIq1Q==": { "id": "raKuHZN4AggeEUt0ItIq1Q==", "updater": "rhel-vex", "name": "CVE-2026-40356", "description": "A flaw was found in MIT Kerberos 5 (krb5). An unauthenticated remote attacker can exploit an integer underflow and an out-of-bounds read vulnerability by calling `gss_accept_sec_context()` on a system with a NegoEx mechanism registered. This can lead to the process terminating, resulting in a Denial of Service (DoS).", "issued": "2026-04-28T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-40356 https://bugzilla.redhat.com/show_bug.cgi?id=2463368 https://www.cve.org/CVERecord?id=CVE-2026-40356 https://nvd.nist.gov/vuln/detail/CVE-2026-40356 https://cems.fun/2026/04/27/krb5-two-unauthenticated-network-vulnerabilities.html https://github.com/krb5/krb5/commit/2e75f0d9362fb979f5fc92829431a590a130929f https://web.mit.edu/kerberos/advisories/ https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-40356.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "krb5", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "rfyVleP0iFAaKAccoWyLNQ==": { "id": "rfyVleP0iFAaKAccoWyLNQ==", "updater": "rhel-vex", "name": "CVE-2026-3805", "description": "A flaw was found in curl. When handling a second Server Message Block (SMB) request to the same host, curl incorrectly accesses memory that has already been freed. This memory corruption vulnerability, known as a use-after-free, could allow a remote attacker to potentially execute arbitrary code or cause a denial of service.", "issued": "2026-03-11T10:09:37Z", "links": "https://access.redhat.com/security/cve/CVE-2026-3805 https://bugzilla.redhat.com/show_bug.cgi?id=2446451 https://www.cve.org/CVERecord?id=CVE-2026-3805 https://nvd.nist.gov/vuln/detail/CVE-2026-3805 http://www.openwall.com/lists/oss-security/2026/03/11/4 https://curl.se/docs/CVE-2026-3805.html https://curl.se/docs/CVE-2026-3805.json https://hackerone.com/reports/3591944 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-3805.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "curl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "ruDQdx7OmIsgMCpioWbqOQ==": { "id": "ruDQdx7OmIsgMCpioWbqOQ==", "updater": "rhel-vex", "name": "CVE-2025-5351", "description": "A flaw was found in the key export functionality of libssh. The issue occurs in the internal function responsible for converting cryptographic keys into serialized formats. During error handling, a memory structure is freed but not cleared, leading to a potential double free issue if an additional failure occurs later in the function. This condition may result in heap corruption or application instability in low-memory scenarios, posing a risk to system reliability where key export operations are performed.", "issued": "2025-06-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-5351 https://bugzilla.redhat.com/show_bug.cgi?id=2369367 https://www.cve.org/CVERecord?id=CVE-2025-5351 https://nvd.nist.gov/vuln/detail/CVE-2025-5351 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-5351.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libssh", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "s1kzjy+cDztHEcgHrl7kHQ==": { "id": "s1kzjy+cDztHEcgHrl7kHQ==", "updater": "rhel-vex", "name": "CVE-2026-22801", "description": "A flaw was found in libpng, a reference library for PNG (Portable Network Graphics) raster image files. An integer truncation vulnerability exists in the png_write_image_16bit and png_write_image_8bit simplified write API functions. A local attacker could exploit this flaw by providing a negative row stride (for bottom-up image layouts) or a stride exceeding 65535 bytes, leading to a heap buffer over-read. This can result in information disclosure or a denial of service (DoS) to the system.", "issued": "2026-01-12T22:57:58Z", "links": "https://access.redhat.com/security/cve/CVE-2026-22801 https://bugzilla.redhat.com/show_bug.cgi?id=2428824 https://www.cve.org/CVERecord?id=CVE-2026-22801 https://nvd.nist.gov/vuln/detail/CVE-2026-22801 https://github.com/pnggroup/libpng/security/advisories/GHSA-vgjq-8cw5-ggw8 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-22801.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "java-17-openjdk", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "sExC9WXn4M01POjg0haQrA==": { "id": "sExC9WXn4M01POjg0haQrA==", "updater": "rhel-vex", "name": "CVE-2026-34933", "description": "A flaw was found in Avahi. An unprivileged local user can exploit this vulnerability by sending a D-Bus method call with conflicting publish flags. This can lead to a denial of service (DoS) by crashing the avahi-daemon, making the service unavailable.", "issued": "2026-04-03T22:43:26Z", "links": "https://access.redhat.com/security/cve/CVE-2026-34933 https://bugzilla.redhat.com/show_bug.cgi?id=2454978 https://www.cve.org/CVERecord?id=CVE-2026-34933 https://nvd.nist.gov/vuln/detail/CVE-2026-34933 https://github.com/avahi/avahi/commit/625ca0fac19229f6dfa3a6c6b698ae657187e50c https://github.com/avahi/avahi/pull/891 https://github.com/avahi/avahi/security/advisories/GHSA-w65r-6gxh-vhvc https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-34933.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "avahi", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "sGwL9v57mGx7f18qBkIacA==": { "id": "sGwL9v57mGx7f18qBkIacA==", "updater": "rhel-vex", "name": "CVE-2025-6075", "description": "A vulnerability in Python’s os.path.expandvars() function that can cause performance degradation. When processing specially crafted, user-controlled input with nested environment variable patterns, the function exhibits quadratic time complexity, potentially leading to excessive CPU usage and denial of service (DoS) conditions. No code execution or data exposure occurs, so the impact is limited to performance slowdown.", "issued": "2025-10-31T16:41:34Z", "links": "https://access.redhat.com/security/cve/CVE-2025-6075 https://bugzilla.redhat.com/show_bug.cgi?id=2408891 https://www.cve.org/CVERecord?id=CVE-2025-6075 https://nvd.nist.gov/vuln/detail/CVE-2025-6075 https://github.com/python/cpython/issues/136065 https://mail.python.org/archives/list/security-announce@python.org/thread/IUP5QJ6D4KK6ULHOMPC7DPNKRYQTQNLA/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-6075.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "python3", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "sRVcQFAdq4Ll42smqacaCw==": { "id": "sRVcQFAdq4Ll42smqacaCw==", "updater": "rhel-vex", "name": "CVE-2022-27943", "description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in libiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "issued": "2022-03-26T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-27943 https://bugzilla.redhat.com/show_bug.cgi?id=2071728 https://www.cve.org/CVERecord?id=CVE-2022-27943 https://nvd.nist.gov/vuln/detail/CVE-2022-27943 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-27943.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "gcc", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "sThg2GGoKqa1RTJ5skEJTA==": { "id": "sThg2GGoKqa1RTJ5skEJTA==", "updater": "rhel-vex", "name": "CVE-2026-24883", "description": "A flaw was found in GnuPG. A remote attacker could provide a specially crafted long signature packet that, when processed, causes the application to crash. This vulnerability leads to a denial of service (DoS), making the GnuPG application unavailable to legitimate users.", "issued": "2026-01-27T18:43:18Z", "links": "https://access.redhat.com/security/cve/CVE-2026-24883 https://bugzilla.redhat.com/show_bug.cgi?id=2433463 https://www.cve.org/CVERecord?id=CVE-2026-24883 https://nvd.nist.gov/vuln/detail/CVE-2026-24883 https://dev.gnupg.org/T8049 https://www.openwall.com/lists/oss-security/2026/01/27/8 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-24883.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "gnupg2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "t3XJyztcU9aOXTMLI8NRmA==": { "id": "t3XJyztcU9aOXTMLI8NRmA==", "updater": "rhel-vex", "name": "CVE-2026-29111", "description": "A flaw was found in systemd, a system and service manager. An unprivileged user can exploit this vulnerability by making an Inter-Process Communication (IPC) API call with spurious data. In older versions (v249 and earlier), this can lead to stack overwriting with attacker-controlled content, potentially enabling arbitrary code execution or privilege escalation. In newer versions (v250 and later), the flaw causes systemd to assert and freeze, resulting in a Denial of Service (DoS).", "issued": "2026-03-23T21:03:56Z", "links": "https://access.redhat.com/security/cve/CVE-2026-29111 https://bugzilla.redhat.com/show_bug.cgi?id=2450505 https://www.cve.org/CVERecord?id=CVE-2026-29111 https://nvd.nist.gov/vuln/detail/CVE-2026-29111 https://github.com/systemd/systemd/commit/1d22f706bd04f45f8422e17fbde3f56ece17758a https://github.com/systemd/systemd/commit/20021e7686426052e3a7505425d7e12085feb2a6 https://github.com/systemd/systemd/commit/21167006574d6b83813c7596759b474f56562412 https://github.com/systemd/systemd/commit/3cee294fe8cf4fa0eff933ab21416d099942cabd https://github.com/systemd/systemd/commit/42aee39107fbdd7db1ccd402a2151822b2805e9f https://github.com/systemd/systemd/commit/54588d2dedff54bfb6036670820650e4ea74628f https://github.com/systemd/systemd/commit/7ac3220213690e8a8d6d2a6e81e43bd1dce01d69 https://github.com/systemd/systemd/commit/80acea4ef80a4bb78560ed970c34952299b890d6 https://github.com/systemd/systemd/commit/b5fd14693057e5f2c9b4a49603be64ec3608ff6c https://github.com/systemd/systemd/commit/efa6ba2ab625aaa160ac435a09e6482fc63bdbe8 https://github.com/systemd/systemd/security/advisories/GHSA-gx6q-6f99-m764 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-29111.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "systemd", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "t4oe6DBPNf5Ikk93RfTdig==": { "id": "t4oe6DBPNf5Ikk93RfTdig==", "updater": "rhel-vex", "name": "CVE-2019-12904", "description": "[Disputed] A vulnerability has been identified in Libgcrypt due to a flaw in its C implementation of AES. This vulnerability enables a remote attacker to perform a flush-and-reload side-channel attack, potentially accessing sensitive information. The vulnerability arises from the availability of physical addresses to other processes, particularly on platforms lacking an assembly-language implementation.", "issued": "2019-07-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2019-12904 https://bugzilla.redhat.com/show_bug.cgi?id=1730320 https://www.cve.org/CVERecord?id=CVE-2019-12904 https://nvd.nist.gov/vuln/detail/CVE-2019-12904 https://dev.gnupg.org/T4541 https://lists.gnupg.org/pipermail/gcrypt-devel/2019-July/004760.html https://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-12904.html https://security.access.redhat.com/data/csaf/v2/vex/2019/cve-2019-12904.json", "severity": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "libgcrypt", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "tYeLT/YUKIk7yaK07WvPeA==": { "id": "tYeLT/YUKIk7yaK07WvPeA==", "updater": "rhel-vex", "name": "CVE-2026-32776", "description": "A flaw was found in libexpat. A remote attacker could exploit this vulnerability by providing specially crafted XML content with empty external parameter entities. This could lead to a NULL pointer dereference, causing the application to crash and resulting in a Denial of Service (DoS).", "issued": "2026-03-16T06:54:20Z", "links": "https://access.redhat.com/security/cve/CVE-2026-32776 https://bugzilla.redhat.com/show_bug.cgi?id=2447888 https://www.cve.org/CVERecord?id=CVE-2026-32776 https://nvd.nist.gov/vuln/detail/CVE-2026-32776 https://github.com/libexpat/libexpat/pull/1158 https://github.com/libexpat/libexpat/pull/1159 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-32776.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "expat", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "teoauN/Djw6odXikmjP4Lw==": { "id": "teoauN/Djw6odXikmjP4Lw==", "updater": "rhel-vex", "name": "CVE-2025-68471", "description": "A flaw was found in Avahi, a system that enables devices to discover services on a local network using the mDNS/DNS-SD (Multicast Domain Name System/DNS-based Service Discovery) protocols. A remote attacker can exploit this by sending two specific network messages, known as unsolicited announcements with CNAME resource records, within a two-second timeframe. This action can cause the `avahi-daemon` process to crash, leading to a Denial of Service (DoS) for the affected system.", "issued": "2026-01-12T17:39:57Z", "links": "https://access.redhat.com/security/cve/CVE-2025-68471 https://bugzilla.redhat.com/show_bug.cgi?id=2428717 https://www.cve.org/CVERecord?id=CVE-2025-68471 https://nvd.nist.gov/vuln/detail/CVE-2025-68471 https://github.com/avahi/avahi/commit/9c6eb53bf2e290aed84b1f207e3ce35c54cc0aa1 https://github.com/avahi/avahi/issues/678 https://github.com/avahi/avahi/security/advisories/GHSA-56rf-42xr-qmmg https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-68471.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "avahi", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "tlWVK61iOpKPkvmeShS9AQ==": { "id": "tlWVK61iOpKPkvmeShS9AQ==", "updater": "rhel-vex", "name": "CVE-2025-69421", "description": "A flaw was found in OpenSSL. This vulnerability allows a remote attacker to trigger a Denial of Service (DoS) by providing a specially crafted, malformed PKCS#12 file to an application that processes it. The flaw occurs due to a NULL pointer dereference in the PKCS12_item_decrypt_d2i_ex() function when handling the malformed file, leading to an application crash.", "issued": "2026-01-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-69421 https://bugzilla.redhat.com/show_bug.cgi?id=2430387 https://www.cve.org/CVERecord?id=CVE-2025-69421 https://nvd.nist.gov/vuln/detail/CVE-2025-69421 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-69421.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "tnBbKyfWYMq7GMqd8UCfIw==": { "id": "tnBbKyfWYMq7GMqd8UCfIw==", "updater": "rhel-vex", "name": "CVE-2025-70873", "description": "A flaw was found in SQLite. This information disclosure vulnerability exists within the zipfile extension, specifically in the zipfileInflate function. A remote attacker could exploit this by providing a specially crafted ZIP file. Successful exploitation could lead to the disclosure of sensitive heap memory information.", "issued": "2026-03-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-70873 https://bugzilla.redhat.com/show_bug.cgi?id=2447086 https://www.cve.org/CVERecord?id=CVE-2025-70873 https://nvd.nist.gov/vuln/detail/CVE-2025-70873 https://gist.github.com/cnwangjihe/f496393f30f5ecec5b18c8f5ab072054 https://sqlite.org/forum/forumpost/761eac3c82 https://sqlite.org/src/info/3d459f1fb1bd1b5e https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-70873.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "sqlite", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "u7b5r2PfK9a1QyjBR1cFRw==": { "id": "u7b5r2PfK9a1QyjBR1cFRw==", "updater": "rhel-vex", "name": "CVE-2026-4046", "description": "A flaw was found in glibc, the GNU C Library. A remote attacker could exploit this vulnerability by providing specially crafted inputs using the IBM1390 or IBM1399 character sets to the `iconv()` function. This could lead to an assertion failure, causing the application to crash and resulting in a Denial of Service (DoS).", "issued": "2026-03-30T17:16:11Z", "links": "https://access.redhat.com/security/cve/CVE-2026-4046 https://bugzilla.redhat.com/show_bug.cgi?id=2453117 https://www.cve.org/CVERecord?id=CVE-2026-4046 https://nvd.nist.gov/vuln/detail/CVE-2026-4046 https://packages.fedoraproject.org/pkgs/glibc/glibc-gconv-extra/ https://sourceware.org/bugzilla/show_bug.cgi?id=33980 https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0007;hb=HEAD https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-4046.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "uEggs7thHCRp4eZu5EDH0A==": { "id": "uEggs7thHCRp4eZu5EDH0A==", "updater": "rhel-vex", "name": "CVE-2026-27171", "description": "A flaw was found in zlib. An attacker providing specially crafted input to the `crc32_combine64` or `crc32_combine_gen64` functions could trigger an infinite loop within the `x2nmodp` function. This leads to excessive CPU consumption, which can result in a Denial of Service (DoS) for the affected system.", "issued": "2026-02-18T02:36:19Z", "links": "https://access.redhat.com/security/cve/CVE-2026-27171 https://bugzilla.redhat.com/show_bug.cgi?id=2440530 https://www.cve.org/CVERecord?id=CVE-2026-27171 https://nvd.nist.gov/vuln/detail/CVE-2026-27171 https://7asecurity.com/blog/2026/02/zlib-7asecurity-audit/ https://7asecurity.com/reports/pentest-report-zlib-RC1.1.pdf https://github.com/madler/zlib/issues/904 https://github.com/madler/zlib/releases/tag/v1.3.2 https://ostif.org/zlib-audit-complete/ https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-27171.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "zlib", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "uxd8tIEkk+r2hWTEgvyv8w==": { "id": "uxd8tIEkk+r2hWTEgvyv8w==", "updater": "rhel-vex", "name": "CVE-2019-9936", "description": "In SQLite 3.27.2, running fts5 prefix queries inside a transaction could trigger a heap-based buffer over-read in fts5HashEntrySort in sqlite3.c, which may lead to an information leak. This is related to ext/fts5/fts5_hash.c.", "issued": "2019-03-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2019-9936 https://bugzilla.redhat.com/show_bug.cgi?id=1692365 https://www.cve.org/CVERecord?id=CVE-2019-9936 https://nvd.nist.gov/vuln/detail/CVE-2019-9936 https://security.access.redhat.com/data/csaf/v2/vex/2019/cve-2019-9936.json", "severity": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "sqlite", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "v1exQXePimNPt3tveLBP9g==": { "id": "v1exQXePimNPt3tveLBP9g==", "updater": "rhel-vex", "name": "CVE-2026-1965", "description": "A flaw was found in curl. When an application uses libcurl to make multiple Negotiate-authenticated HTTP or HTTPS requests to the same server with different credentials, libcurl may incorrectly reuse an existing connection. This logical error can cause a subsequent request to be sent using the authentication of a previous user, leading to an authentication bypass.", "issued": "2026-03-11T10:08:52Z", "links": "https://access.redhat.com/security/cve/CVE-2026-1965 https://bugzilla.redhat.com/show_bug.cgi?id=2446448 https://www.cve.org/CVERecord?id=CVE-2026-1965 https://nvd.nist.gov/vuln/detail/CVE-2026-1965 https://curl.se/docs/CVE-2026-1965.html https://curl.se/docs/CVE-2026-1965.json https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-1965.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "curl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "vTJZ/R8pdcyDbwAwRi8cBw==": { "id": "vTJZ/R8pdcyDbwAwRi8cBw==", "updater": "rhel-vex", "name": "CVE-2025-15079", "description": "A flaw was found in curl. When performing SSH-based transfers using SCP or SFTP, libcurl could mistakenly connect to hosts not listed in the user-specified knownhosts file. This occurs if the host is present in the libssh global knownhosts file, effectively bypassing the intended host verification. This could allow a remote attacker to connect to an untrusted host, potentially leading to information disclosure or man-in-the-middle attacks.", "issued": "2026-01-07T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-15079 https://bugzilla.redhat.com/show_bug.cgi?id=2426409 https://www.cve.org/CVERecord?id=CVE-2025-15079 https://nvd.nist.gov/vuln/detail/CVE-2025-15079 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-15079.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "curl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "vx2N2RZTm7neux8kVlqgEg==": { "id": "vx2N2RZTm7neux8kVlqgEg==", "updater": "rhel-vex", "name": "CVE-2026-5704", "description": "A flaw was found in tar. A remote attacker could exploit this vulnerability by crafting a malicious archive, leading to hidden file injection with fully attacker-controlled content. This bypasses pre-extraction inspection mechanisms, potentially allowing an attacker to introduce malicious files onto a system without detection.", "issued": "2026-04-06T13:36:20Z", "links": "https://access.redhat.com/security/cve/CVE-2026-5704 https://bugzilla.redhat.com/show_bug.cgi?id=2455360 https://www.cve.org/CVERecord?id=CVE-2026-5704 https://nvd.nist.gov/vuln/detail/CVE-2026-5704 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-5704.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "tar", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "wbBiCPikq6Iz02EPsysTgA==": { "id": "wbBiCPikq6Iz02EPsysTgA==", "updater": "rhel-vex", "name": "CVE-2025-14017", "description": "A flaw was found in curl. When performing multi-threaded LDAPS (Lightweight Directory Access Protocol Secure) transfers, changes to Transport Layer Security (TLS) options in one thread could inadvertently apply globally, affecting other concurrent transfers. This could lead to unintended security posture changes, such as disabling certificate verification for other threads. This vulnerability can result in a security bypass, where expected security checks are not performed.", "issued": "2026-01-08T10:07:05Z", "links": "https://access.redhat.com/security/cve/CVE-2025-14017 https://bugzilla.redhat.com/show_bug.cgi?id=2427870 https://www.cve.org/CVERecord?id=CVE-2025-14017 https://nvd.nist.gov/vuln/detail/CVE-2025-14017 https://curl.se/docs/CVE-2025-14017.html https://curl.se/docs/CVE-2025-14017.json https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-14017.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "curl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "wxS+u/uf8o4sT9iSccXQwA==": { "id": "wxS+u/uf8o4sT9iSccXQwA==", "updater": "rhel-vex", "name": "CVE-2026-4426", "description": "A flaw was found in libarchive. An Undefined Behavior vulnerability exists in the zisofs decompression logic, caused by improper validation of a field (`pz_log2_bs`) read from ISO9660 Rock Ridge extensions. A remote attacker can exploit this by supplying a specially crafted ISO file. This can lead to incorrect memory allocation and potential application crashes, resulting in a denial-of-service (DoS) condition.", "issued": "2026-03-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-4426 https://bugzilla.redhat.com/show_bug.cgi?id=2449010 https://www.cve.org/CVERecord?id=CVE-2026-4426 https://nvd.nist.gov/vuln/detail/CVE-2026-4426 https://github.com/libarchive/libarchive/pull/2897 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-4426.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libarchive", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "xCUiEQAH1lfhrKtUxQDIYA==": { "id": "xCUiEQAH1lfhrKtUxQDIYA==", "updater": "rhel-vex", "name": "CVE-2021-39537", "description": "A heap overflow vulnerability has been identified in the ncurses package, particularly in the \"tic\". This flaw results from a lack of proper bounds checking during input processing. By exploiting this boundary error, an attacker can create a malicious file, deceive the victim into opening it using the affected software, and initiate an out-of-bounds write, potentially impacting system availability.", "issued": "2020-08-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-39537 https://bugzilla.redhat.com/show_bug.cgi?id=2006978 https://www.cve.org/CVERecord?id=CVE-2021-39537 https://nvd.nist.gov/vuln/detail/CVE-2021-39537 https://lists.gnu.org/archive/html/bug-ncurses/2020-08/msg00006.html https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-39537.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "ncurses", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "xKLQGv5zNwcnWtQQKiO3Ww==": { "id": "xKLQGv5zNwcnWtQQKiO3Ww==", "updater": "rhel-vex", "name": "CVE-2026-25645", "description": "A flaw was found in the `requests` HTTP library, specifically in the `requests.utils.extract_zipped_paths()` function, which is used to load Certificate Authority (CA) bundles. A local attacker can exploit this vulnerability by pre-creating a malicious CA bundle file in the system's temporary directory. When a vulnerable application initializes the `requests` library, it may load this malicious file instead of the legitimate CA bundle, leading to a bypass of security controls and potential integrity compromise.", "issued": "2026-03-25T17:02:48Z", "links": "https://access.redhat.com/security/cve/CVE-2026-25645 https://bugzilla.redhat.com/show_bug.cgi?id=2451408 https://www.cve.org/CVERecord?id=CVE-2026-25645 https://nvd.nist.gov/vuln/detail/CVE-2026-25645 https://github.com/psf/requests/commit/66d21cb07bd6255b1280291c4fafb71803cdb3b7 https://github.com/psf/requests/releases/tag/v2.33.0 https://github.com/psf/requests/security/advisories/GHSA-gc5v-m9x4-r6x2 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-25645.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python-pip", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "xLIujTim86EomaRofe4tDg==": { "id": "xLIujTim86EomaRofe4tDg==", "updater": "rhel-vex", "name": "CVE-2023-32611", "description": "A flaw was found in GLib. GVariant deserialization is vulnerable to a slowdown issue where a crafted GVariant can cause excessive processing, leading to denial of service.", "issued": "2022-12-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-32611 https://bugzilla.redhat.com/show_bug.cgi?id=2211829 https://www.cve.org/CVERecord?id=CVE-2023-32611 https://nvd.nist.gov/vuln/detail/CVE-2023-32611 https://gitlab.gnome.org/GNOME/glib/-/issues/2797 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-32611.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "glib2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "xjRJnKlNaH/FGi0NN5VKBQ==": { "id": "xjRJnKlNaH/FGi0NN5VKBQ==", "updater": "rhel-vex", "name": "CVE-2026-0992", "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated \u003cnextCatalog\u003e elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", "issued": "2026-01-15T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-0992 https://bugzilla.redhat.com/show_bug.cgi?id=2429975 https://www.cve.org/CVERecord?id=CVE-2026-0992 https://nvd.nist.gov/vuln/detail/CVE-2026-0992 https://gitlab.gnome.org/GNOME/libxml2/-/issues/1019 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-0992.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libxml2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "yrec5aYK5L1Cn+46ZF7wbw==": { "id": "yrec5aYK5L1Cn+46ZF7wbw==", "updater": "rhel-vex", "name": "CVE-2026-6253", "description": "A flaw was found in curl. When curl is configured to use distinct proxies for different URL schemes, a redirect from a URL using an authenticated proxy to one using an unauthenticated proxy can inadvertently expose the initial proxy's credentials. This improper credential management (CWE-522) may allow an attacker to gain unauthorized access or information by intercepting these disclosed credentials.", "issued": "2026-04-29T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-6253 https://bugzilla.redhat.com/show_bug.cgi?id=2461202 https://www.cve.org/CVERecord?id=CVE-2026-6253 https://nvd.nist.gov/vuln/detail/CVE-2026-6253 https://curl.se/docs/CVE-2026-6253.html https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-6253.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "curl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "yuFlxOGqQlDuMCywIIELNw==": { "id": "yuFlxOGqQlDuMCywIIELNw==", "updater": "rhel-vex", "name": "CVE-2025-30258", "description": "A flaw was found in GnuPG. In affected versions, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, leading to a verification denial of service.", "issued": "2025-03-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-30258 https://bugzilla.redhat.com/show_bug.cgi?id=2353427 https://www.cve.org/CVERecord?id=CVE-2025-30258 https://nvd.nist.gov/vuln/detail/CVE-2025-30258 https://dev.gnupg.org/T7527 https://dev.gnupg.org/rG48978ccb4e20866472ef18436a32744350a65158 https://lists.gnupg.org/pipermail/gnupg-announce/2025q1/000491.html https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-30258.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "gnupg2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "zIdEM/kGXg+rxyZW+kVVlw==": { "id": "zIdEM/kGXg+rxyZW+kVVlw==", "updater": "rhel-vex", "name": "CVE-2026-3833", "description": "A flaw was found in gnutls. This vulnerability occurs because gnutls performs case-sensitive comparisons of `nameConstraints` labels, specifically for `dNSName` (DNS) or `rfc822Name` (email) constraints within `excludedSubtrees` or `permittedSubtrees`. A remote attacker can exploit this by crafting a leaf certificate with casing differences in the Subject Alternative Name (SAN), leading to a policy bypass where a certificate that should be rejected is instead accepted. This could result in unauthorized access or information disclosure.", "issued": "2026-04-30T17:26:28Z", "links": "https://access.redhat.com/security/cve/CVE-2026-3833 https://bugzilla.redhat.com/show_bug.cgi?id=2445763 https://www.cve.org/CVERecord?id=CVE-2026-3833 https://nvd.nist.gov/vuln/detail/CVE-2026-3833 https://gitlab.com/gnutls/gnutls/-/issues/1803 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-3833.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "gnutls", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" } }, "package_vulnerabilities": { "+hvIC0Et/RtHi7EAFCmfEw==": [ "MRnBR1NwPejsF0F/Po53Ew==", "O6eQrDqYe8zCvECWFMIzFQ==" ], "+qrxjVH7Im8eBfrz4h4P/w==": [ "Zp9+pixFuNBueE2yO610gQ==" ], "4ZgMXaHDWnwPnqKlcJzEIw==": [ "Elb2DrZLO9/IaIc7rSPVUg==", "raKuHZN4AggeEUt0ItIq1Q==" ], "4flTdmUV4iK1Ax+LXJm8qQ==": [ "QwBnC+2unbl7BaURui6Tng==", "OGfYu06hscS+jx5HR8e1UQ==", "n+SYCf6UN4VyD5OPJagpTA==", "zIdEM/kGXg+rxyZW+kVVlw==", "fvGjL9hw9hDQockMTb7lrA==" ], "4mBaAtvqw4Xnt3KyHa6xnQ==": [ "Te9j1HGn7feNCE/Fduu0+A==", "VPoF+qCqaQ4y2sVl2255/g==", "cW+DgNrGAeRAwNB4wrDZhw==", "VP8+3bQwNwMNm6AhYTNJBQ==", "s1kzjy+cDztHEcgHrl7kHQ==", "6p6EeZQEuYkK2CtO4ey3Ag==", "m8ueKfgkaYIYTU+xtIQcwA==", "I31WPu2ZGWOsqloSJfE2Fg==", "ZdcpNqfrXAb14fwUEQLWGQ==", "29qrZyz+fmdn9Nzjpl2/Pg==", "8TgjbHNGzIFm7/fF9DBU7Q==", "YoCxZvEp16Bt9LDv+Ficeg==", "FkRDB0vpJYeh2ipqLS0/Iw==", "OTZM0RD60ajdSeEqWGkkTw==", "B5eXEM8SeidgdpzXoFJFGQ==", "1vG4ZYIu07BTj9XJ+a+P9Q==" ], "7eg89eCgA75bJ7WhhN/T4Q==": [ "hkP7fdNBNcMv5alTtw0c+Q==", "eqoqeJN8gMUINJLH2PXP7g==" ], "9uhqFNTCJ7/bpzSlc7qCaQ==": [ "t4oe6DBPNf5Ikk93RfTdig==", "fXpWtuXNPi3tb2edhk37bw==", "Zp5q2R9PHTn/pmrn158k9A==", "5e3gC+KDeb36jTLxBYtijg==" ], "ACY3djwkey7ZIXbd0V+Giw==": [ "L7QbkTbsy8v3tMfOqNsVKQ==", "+nHq7dak7Hkjcru/xpwzhQ==" ], "AIs6pmCup5N9+6Ag6e2/og==": [ "PcNbuWOo0ahqjfbOQhXvvQ==", "LWLSX4FCLbzYWK97i5Or+A==", "rVgBV65FWtFg3jitEqotFA==", "BV++s35Ur4bQRS6HK0QCIA==", "tlWVK61iOpKPkvmeShS9AQ==", "gagftKXuSuh9pi4dRu9yPQ==", "qv1CBAIhzNsoWe8hSWlF1g==", "86unVXyTxdffdcXWZTYw5g==", "VLzwKVDYC7fQrtcpCzjXjA==", "rEd6JdG2xx5NZ9bcsFRNpw==", "8D3i4K1ylUr5dGk9imV9zA==", "ZkEez7f24VNVhTaTCDhuEg==", "rCI1GSL47zJlliQotxXM4Q==", "QUtTYJuHdkAOgtveagWUfA==", "Fp999hDC/lucBsNHwOlp/A==", "OpUahpCA4oBceG962KxTMA==", "QcOTYeOedG0AUhPSakMpIA==", "97PwDrD8knMveLXwKCvQjA==", "OLKvdPVgT9/lPcflJTxE3Q==", "WcChSpNAL6V9Xfxc9AqW7g==", "6FQUI3OxX4C5skWXKgq80Q==", "UPzTyNn8ZLXlb+bwRFPPTA==" ], "AuC6XQzcU/5tB4luIfjLFg==": [ "HTk+AAyRWNCrZTtBLx34Aw==" ], "AziZ1oGI+oDXVPzldKNj+w==": [ "3O4IzHXnRQMZXCe1gYATvw==" ], "BPsD0kkdIoK3KQUZ5DpJjw==": [ "ZvX4VR3jvMBd1Wq+RxNTgg==" ], "CP6fmHsRon29d9dGmAC8yQ==": [ "L7QbkTbsy8v3tMfOqNsVKQ==", "+nHq7dak7Hkjcru/xpwzhQ==" ], "DV119Dw0W4RdsbJkdoHU9w==": [ "fayrPya6DVXP9weWvA6obQ==", "8KJb4x3mXgChaQULEsid2A==", "dYucp/SettSQd/Hpukj6pA==", "0v/g0Z/XEXV13r48i52JgA==", "pjb5LKdJAfqIzj4N6YBwUQ==", "v1exQXePimNPt3tveLBP9g==", "crmilTSJ/pTSPBKY9EJmZg==", "wbBiCPikq6Iz02EPsysTgA==", "4JszZEguo/SAFbgp6PdKMQ==", "ho4M6//kfDyE5kZ9fbpV0g==", "Pe4IHqZpuBtuSkrgd2HMEg==", "Znm2hdK/FULQhTTGTVX59Q==", "fT6cIVRM+743nfHJKo4yuQ==", "yrec5aYK5L1Cn+46ZF7wbw==", "2U6d1qsPVwS8vUnflv9AcQ==", "qXNASosSuCsudML1MqXPjw==", "TuBnhFrkwMqIcYtYYgNGNQ==", "vTJZ/R8pdcyDbwAwRi8cBw==", "rfyVleP0iFAaKAccoWyLNQ==" ], "DgyhtZBcSIlVmY6xC8s1mA==": [ "j1KIfSLRyAo+5FqbDzJbtg==" ], "Dmgfuk4/ZGW2Pjrf3pzOwg==": [ "L7QbkTbsy8v3tMfOqNsVKQ==", "+nHq7dak7Hkjcru/xpwzhQ==" ], "FS5/DAbDsXWURU9onlACPA==": [ "Q5xJp4zJ1MCYcYbDi9qrdQ==" ], "J34PJ2GThOWZuKVgFIoieA==": [ "uEggs7thHCRp4eZu5EDH0A==" ], "KYSXsdsObSOPb3/iOOdbDw==": [ "L7QbkTbsy8v3tMfOqNsVKQ==", "+nHq7dak7Hkjcru/xpwzhQ==" ], "LXiVkIlXLq/usMYIwCTH8Q==": [ "WGvgNwrW2u5APZcidQ6v1Q==" ], "LkoLKEri5dIAb0vFMkSOag==": [ "cqYWiTibDLM7aibErMKang==", "J5qRb3W5uqqCGngAp6UZrg==", "Cz+nwSXEXv91W0XvZNqCqw==", "u7b5r2PfK9a1QyjBR1cFRw==", "qS+8YNw5cEHn5bXG24Qmgg==", "6Cqvzp5JbuVfHsuYnIJNFw==" ], "MA5xnJmwv4AJZhc2768UiA==": [ "G7IyfoPhe9f8QzIGbOfn7Q==", "92KuvWwbPhsQNPu0knrHAQ==", "HdAyLUATPStr/HXiy9fgQw==", "TLOrmSYL76Du+GI4WD9gMQ==", "619DQiII/+IW12e6tmtrxw==", "RXjd5U95osIGXnqCa34Jkg==", "7Puka2o1jq4jSr2Hekrfhg==", "xjRJnKlNaH/FGi0NN5VKBQ==", "EiJx6rOT8KoLX+Wu7/N6HQ==" ], "N1RbIRo2SyHosQefv+skDw==": [ "UbmdE2pHXRFccv8l1e02Jw==" ], "N3ZaMrNJKoumMpaY0smlMQ==": [ "9zRC9UwUH2bQs1UcHQ5UTQ==", "8ZxbhBIT+9Mj99/XbMpLSQ==", "uxd8tIEkk+r2hWTEgvyv8w==", "tnBbKyfWYMq7GMqd8UCfIw==", "5B1tQ2BK8z/YjRkYcvwqag==" ], "NguWV8S6YQYvQsGQDJm2Rg==": [ "SHxE0qXbBmDEp/LL1ieJeA==", "HuOxI+pWjgGV0XsBvltzlg==", "VsocCwaFpF6PzdX5PxR+sQ==", "jw1ZiDut5Ot+DyVFjCrixg==", "S7qx7a03HASsJhyQafvXjg==", "rEg00U8+//igCt+0+QBUhA==", "xCUiEQAH1lfhrKtUxQDIYA==", "ZTGiJlkqcqrCLJSY/Sq8lA==", "673FKazcUiydbfN5c6amaw==" ], "ORsDK2A5479NPB0r01PoXQ==": [ "fayrPya6DVXP9weWvA6obQ==", "8KJb4x3mXgChaQULEsid2A==", "dYucp/SettSQd/Hpukj6pA==", "0v/g0Z/XEXV13r48i52JgA==", "pjb5LKdJAfqIzj4N6YBwUQ==", "v1exQXePimNPt3tveLBP9g==", "crmilTSJ/pTSPBKY9EJmZg==", "wbBiCPikq6Iz02EPsysTgA==", "4JszZEguo/SAFbgp6PdKMQ==", "ho4M6//kfDyE5kZ9fbpV0g==", "Pe4IHqZpuBtuSkrgd2HMEg==", "Znm2hdK/FULQhTTGTVX59Q==", "fT6cIVRM+743nfHJKo4yuQ==", "yrec5aYK5L1Cn+46ZF7wbw==", "2U6d1qsPVwS8vUnflv9AcQ==", "qXNASosSuCsudML1MqXPjw==", "TuBnhFrkwMqIcYtYYgNGNQ==", "vTJZ/R8pdcyDbwAwRi8cBw==", "rfyVleP0iFAaKAccoWyLNQ==" ], "P5UTXxqhA6R98OWY7h85rQ==": [ "DDWmqlxBSfXi2KJJ5mwTNg==", "OPNDKUsVLJt2v1gO1zvkBA==", "XygysGe2kdlyCRQHM1fu3w==", "klCkJxhhNVG564GOUQMh+Q==", "EQ4eP3gKo3y8JsWUiWr6+g==", "wxS+u/uf8o4sT9iSccXQwA==", "4/mftydHpy90Umw3G0mTuQ==", "8Sec+JvKiQWGqYCOBdZhjg==", "YiJlkUTKf0/7+ORZMmQ2cw==", "HNpGGr9eP5twQKC3yCh1mA==", "O8fIVXqcGshIonMWsEH9gA==", "AE8Cp1u8I9t52OYW7oGU4w==" ], "PYGQE1Mr52aqIP4tEB4VSw==": [ "L7QbkTbsy8v3tMfOqNsVKQ==", "+nHq7dak7Hkjcru/xpwzhQ==" ], "Q0uPb/t/3IQ8GEwlv/J3Cw==": [ "WGvgNwrW2u5APZcidQ6v1Q==" ], "QC6e3OaV78mjs678tGU2KQ==": [ "H9Ud41wofJc/QlL6Rm7WkA==", "avzu5SRbIjcduH4QdmZ1gg==", "ruDQdx7OmIsgMCpioWbqOQ==", "XbpXfbeApuDuIKvY0/qWiA==", "UUIKm7f4jyfDWGKvptUQ8Q==", "Rfm1tD+QxSP/TVjKFDNabg==", "npQpPXYG8xMJ1LRSVSnKGA==", "Wp4+QBQm4nhI8rQxVklEXw==", "KCgCqCavM9U0xL+GHJqzSg==", "OgFGrvrnAoXXvapnatTrxQ==" ], "U3ZkYu9FoEzQITrVBlQtLA==": [ "cqYWiTibDLM7aibErMKang==", "J5qRb3W5uqqCGngAp6UZrg==", "Cz+nwSXEXv91W0XvZNqCqw==", "u7b5r2PfK9a1QyjBR1cFRw==", "qS+8YNw5cEHn5bXG24Qmgg==", "6Cqvzp5JbuVfHsuYnIJNFw==" ], "UUZyda9G/ffvF6rJ5W1UnQ==": [ "mouoWVvs12H8FynnB5qIsQ==", "sRVcQFAdq4Ll42smqacaCw==", "ieASPdYzGxWke8nZZhE02Q==" ], "Vax934M9zGbzjdT3Y/XU9w==": [ "cqYWiTibDLM7aibErMKang==", "J5qRb3W5uqqCGngAp6UZrg==", "Cz+nwSXEXv91W0XvZNqCqw==", "u7b5r2PfK9a1QyjBR1cFRw==", "qS+8YNw5cEHn5bXG24Qmgg==", "6Cqvzp5JbuVfHsuYnIJNFw==" ], "YjDcGmvP0/z8VqRiUvkhOQ==": [ "W/d4trZ7jb2yxjrq4cNOWA==", "0nQ3GJDLY22M176Z5ESg6A==", "sThg2GGoKqa1RTJ5skEJTA==", "yuFlxOGqQlDuMCywIIELNw==" ], "auI8KtI6OozP7EAIr9UlQQ==": [ "icj6a8bc4dYK/DJNvkU0+A==" ], "bWUdPEYmtshwdmuX5VapfQ==": [ "WGvgNwrW2u5APZcidQ6v1Q==" ], "f/Al/eNlUhjEgKSV0J2z7w==": [ "gaFOKxy9D9KR/Iyd+kDZoA==", "QSNBg/XspHcBwSxBTMU4rg==", "xKLQGv5zNwcnWtQQKiO3Ww==", "8I2jFG8JRR+6+eqqYlXhAg==", "HuLJLN6ajygY/CpLyzV5lw==" ], "h53SWWmMQUh4cLyBmYeNvw==": [ "teoauN/Djw6odXikmjP4Lw==", "A1UDSDMkPKOSx7ma/geQyg==", "Rw8DyDlyRHRJOeZaAbGMRA==", "kYYDrncBncmKkmFnSd5t3w==", "7lnphmrb/VojuhlikpNO5w==", "9jHXNtwzqlOir/Op7pd9+w==", "Bgew407C4GMDdNe8dNeN7w==", "sExC9WXn4M01POjg0haQrA==", "MW3KGjkk7BWuR5JCc6cywg==" ], "hSTTMcRX1DBcXc+8jKeg3Q==": [ "mouoWVvs12H8FynnB5qIsQ==", "sRVcQFAdq4Ll42smqacaCw==", "ieASPdYzGxWke8nZZhE02Q==" ], "iKjky3d+XDnwdlXfvLvp/A==": [ "ZlxfTVb/4bi6yWQ+JLaOnw==", "0QzoXQSqkKieJ7Oc+px0JA==", "HB9r/GLycEmk6aXttwtBlw==", "h6rS2s3xilGaG0a+pIjl8A==", "L3k0cIIlkMGQFiWnZm8Mlg==", "sGwL9v57mGx7f18qBkIacA==", "cCowLuOsLfTMmPFOoqUVww==", "nYtstWEUOCTbjAlmYOKURA==", "8qOJVWAut1+UqTXPOWH12g==", "OFdQC3/0S5rItoyqpACTFw==", "2U8ppg+02PjFDuM5YqFstQ==", "6Xr5PbPGSy+aHLDQ9q4L9w==", "5ZHvcDYhgzWjwNpRgF2u1w==", "nhJPQpDYg9We/U8oBJw4JQ==", "mRazAXjBcgFrTolNDZHDsA==", "8rvqTFlh9aOz4UvxQN0SBQ==", "RVCidRUm4D1IKoPhoUi2AA==", "IItHEdPWz5fl9O7ZhzjDAA==", "XXiaw1EwhFkuilI94EKiqQ==", "HKrLnQyTw1292mNt3MQ0aQ==" ], "isPl2YxnCTfcLmUYH6Q0sA==": [ "WGvgNwrW2u5APZcidQ6v1Q==" ], "j5YRt82iOHry4ndSyCLgaA==": [ "eCNdMtt9JN2Rrb8I23NIsA==", "0WTD6ZUY2Zj2w0R3oyPWRw==", "9oBjtBiHtz7+Hwc4swPaAw==", "K3eafQ/8P8PEZ3BPWZfCgg==", "kCsMurCi7F77HxJoLqd9jA==", "9ZCmRufeuC0TKSSi9pcU6g==", "3IgZDz5UYkhu/U1/4kSWKg==", "/1CYFiexnJcM7p4YrI/FVg==", "RdjNn4dAdZKcn6VS95a/SQ==", "UyCjBcpeB0nhkRTVhUcAJQ==" ], "k/BpvWmZ5EVfmiPqpZ3pGw==": [ "LTmcTrhW8bJGvJXJVPjm/g==", "tYeLT/YUKIk7yaK07WvPeA==", "qC/lM94bJkHuTCcx6Z47mQ==", "KExChYIaW0MvXNLWbjS/Hw==", "RYqFgDYIttLgJc8B82sK/w==", "Lt2Hg7sVYgz0GD7ldFmjjA==" ], "k4gCNgIfg7MM/e42ThRx2w==": [ "AZQ9MHTiNLYiRU7sYZlVGw==", "n83jaRl/T6kiaoMyWtX8xw==" ], "kwc9NYOQig+qWs5qmBRL/w==": [ "SHxE0qXbBmDEp/LL1ieJeA==", "HuOxI+pWjgGV0XsBvltzlg==", "VsocCwaFpF6PzdX5PxR+sQ==", "jw1ZiDut5Ot+DyVFjCrixg==", "S7qx7a03HASsJhyQafvXjg==", "rEg00U8+//igCt+0+QBUhA==", "xCUiEQAH1lfhrKtUxQDIYA==", "ZTGiJlkqcqrCLJSY/Sq8lA==", "673FKazcUiydbfN5c6amaw==" ], "lU0MYRg2dg5wynl2dMGsgA==": [ "hfBpyVezkUAf98QWnlvzIA==" ], "mtrWxjnWyzrIFOuHVeUG6g==": [ "W/DMqBRMDYVkVH3D67luGg==", "vx2N2RZTm7neux8kVlqgEg==", "UMD4nV1Ky5C5eKUMgtnKzw==", "9uK7ZDYgFtqP786n0QunAg==", "UoEFDYM+Gqf2mdRJh5HUFw==", "8rxYDEPu2XxazQ3cBUhX0Q==", "XBiy/XVR6SoThCkYUmkD1g==" ], "oSDtB9GflLljTYeOAikyIQ==": [ "xLIujTim86EomaRofe4tDg==", "0fCtWwB6iclgRvIA+IqiJQ==", "EiL50P2QSOoRA18XAAH6Pg==", "EKs36DFwHVCzU/cF0Be9pQ==", "ElIjMFAz33tt/XVMysRkdA==", "ngbKDtxhn33NKWC2lhOQNQ==", "p2qAiuM4AsdQ5J4fBWvbBA==", "npBrFSWnZYxq9cizdfDfCQ==", "Oi3Y6I7JDcoQrQyH+jMXWw==", "jguV9kU5iHC5V/cF3+b/tg==", "iEGZHZXt8HWPSM5eJesddQ==", "KaROgE0QmtiOixMG9Wi1RA==" ], "oUYls//IDfQ4QSLGKlUoZg==": [ "t3XJyztcU9aOXTMLI8NRmA==", "a067YUjLHWzR99JNl/RtGQ==", "H2CablNBrQ/I5AsUjk5xyw==", "1lUHOMB3ANHGWpqCBv9Ynw==", "BooDzA4nzaDI1l3E5zAHgg==" ], "peUaHHW4E9Y6Nd8+gJR5cQ==": [ "H9Ud41wofJc/QlL6Rm7WkA==", "avzu5SRbIjcduH4QdmZ1gg==", "ruDQdx7OmIsgMCpioWbqOQ==", "XbpXfbeApuDuIKvY0/qWiA==", "UUIKm7f4jyfDWGKvptUQ8Q==", "Rfm1tD+QxSP/TVjKFDNabg==", "npQpPXYG8xMJ1LRSVSnKGA==", "Wp4+QBQm4nhI8rQxVklEXw==", "KCgCqCavM9U0xL+GHJqzSg==", "OgFGrvrnAoXXvapnatTrxQ==" ], "wQNSAAyfpn1pixah4j5PmA==": [ "ZlxfTVb/4bi6yWQ+JLaOnw==", "0QzoXQSqkKieJ7Oc+px0JA==", "HB9r/GLycEmk6aXttwtBlw==", "h6rS2s3xilGaG0a+pIjl8A==", "L3k0cIIlkMGQFiWnZm8Mlg==", "sGwL9v57mGx7f18qBkIacA==", "cCowLuOsLfTMmPFOoqUVww==", "nYtstWEUOCTbjAlmYOKURA==", "8qOJVWAut1+UqTXPOWH12g==", "OFdQC3/0S5rItoyqpACTFw==", "2U8ppg+02PjFDuM5YqFstQ==", "6Xr5PbPGSy+aHLDQ9q4L9w==", "5ZHvcDYhgzWjwNpRgF2u1w==", "nhJPQpDYg9We/U8oBJw4JQ==", "mRazAXjBcgFrTolNDZHDsA==", "8rvqTFlh9aOz4UvxQN0SBQ==", "RVCidRUm4D1IKoPhoUi2AA==", "IItHEdPWz5fl9O7ZhzjDAA==", "XXiaw1EwhFkuilI94EKiqQ==", "HKrLnQyTw1292mNt3MQ0aQ==" ] }, "enrichments": {} } pod: test-comp-pac-gitlab-qtyrdob8e90fb47a3f8c623f1d319d476055b8-pod | container step-oci-attach-report: Selecting auth Using token for quay.io/redhat-appstudio-qe/gitlab-rep-ufob/test-comp-pac-gitlab-qtyrdo Attaching clair-report-amd64.json to quay.io/redhat-appstudio-qe/gitlab-rep-ufob/test-comp-pac-gitlab-qtyrdo@sha256:2cd90854a489b20448b7b912df0c3d8ff0b5b90a68374c28813ccc12558aab64 Executing: oras attach --no-tty --format go-template={{.digest}} --registry-config /home/oras/auth.json --artifact-type application/vnd.redhat.clair-report+json quay.io/redhat-appstudio-qe/gitlab-rep-ufob/test-comp-pac-gitlab-qtyrdo@sha256:2cd90854a489b20448b7b912df0c3d8ff0b5b90a68374c28813ccc12558aab64 clair-report-amd64.json:application/vnd.redhat.clair-report+json pod: test-comp-pac-gitlab-qtyrdob8e90fb47a3f8c623f1d319d476055b8-pod | container step-conftest-vulnerabilities: [ { "filename": "/tekton/home/clair-result-amd64.json", "namespace": "required_checks", "successes": 7, "warnings": [ { "msg": "Found packages with unpatched high vulnerabilities. These vulnerabilities don't have a known fix at this time.", "metadata": { "details": { "description": "Vulnerabilities found: gnutls-3.6.16-8.el8_10.5 (CVE-2026-33845, CVE-2026-33846), java-17-openjdk-headless-1:17.0.19.0.10-1.el8 (CVE-2025-66293, CVE-2026-22020, CVE-2026-25646, CVE-2026-26740), krb5-libs-1.18.2-32.el8_10 (CVE-2026-40356)", "name": "clair_unpatched_high_vulnerabilities", "url": "https://access.redhat.com/articles/red_hat_vulnerability_tutorial" }, "vulnerabilities_number": 7 } }, { "msg": "Found packages with unpatched medium vulnerabilities. These vulnerabilities don't have a known fix at this time.", "metadata": { "details": { "description": "Vulnerabilities found: gnutls-3.6.16-8.el8_10.5 (CVE-2026-3833), openssl-libs-1:1.1.1k-15.el8_6 (CVE-2023-0466, CVE-2026-28390), cups-libs-1:2.2.6-67.el8_10 (CVE-2023-4504, CVE-2026-27447, CVE-2026-34978, CVE-2026-34979, CVE-2026-34980, CVE-2026-34990, CVE-2026-39314, CVE-2026-39316), libblkid-2.32.1-48.el8_10 (CVE-2026-27456), avahi-libs-0.7-27.el8_10.1 (CVE-2024-52615, CVE-2024-52616, CVE-2025-59529, CVE-2025-68276, CVE-2025-68468, CVE-2025-68471, CVE-2026-24401, CVE-2026-34933), python3-libs-3.6.8-76.el8_10 (CVE-2025-11468, CVE-2025-12781, CVE-2025-13837, CVE-2025-15282, CVE-2025-4516, CVE-2025-6069, CVE-2025-8291, CVE-2026-0672, CVE-2026-1502, CVE-2026-3644, CVE-2026-4224, CVE-2026-5713, CVE-2026-6019), file-libs-5.33-27.el8_10 (CVE-2019-8905), glibc-2.28-251.el8_10.31 (CVE-2026-4046, CVE-2026-4437, CVE-2026-5435, CVE-2026-5450, CVE-2026-5928), libuuid-2.32.1-48.el8_10 (CVE-2026-27456), glibc-minimal-langpack-2.28-251.el8_10.31 (CVE-2026-4046, CVE-2026-4437, CVE-2026-5435, CVE-2026-5450, CVE-2026-5928), glib2-2.56.4-168.el8_10 (CVE-2025-14087, CVE-2025-14512, CVE-2026-1484, CVE-2026-1489), platform-python-3.6.8-76.el8_10 (CVE-2025-11468, CVE-2025-12781, CVE-2025-13837, CVE-2025-15282, CVE-2025-4516, CVE-2025-6069, CVE-2025-8291, CVE-2026-0672, CVE-2026-1502, CVE-2026-3644, CVE-2026-4224, CVE-2026-5713, CVE-2026-6019), openldap-2.4.46-21.el8_10 (CVE-2026-22185), java-17-openjdk-headless-1:17.0.19.0.10-1.el8 (CVE-2025-28164, CVE-2025-64505, CVE-2025-64506, CVE-2026-22693, CVE-2026-22695, CVE-2026-22801, CVE-2026-33416, CVE-2026-33636, CVE-2026-34757, CVE-2026-41254), krb5-libs-1.18.2-32.el8_10 (CVE-2026-40355), coreutils-single-8.30-17.el8_10 (CVE-2025-5278), libsmartcols-2.32.1-48.el8_10 (CVE-2026-27456), libcurl-7.61.1-34.el8_10.11 (CVE-2025-13034, CVE-2025-14017, CVE-2026-1965, CVE-2026-3783, CVE-2026-3784, CVE-2026-3805, CVE-2026-4873, CVE-2026-5545, CVE-2026-5773, CVE-2026-6253, CVE-2026-6429), libgcrypt-1.8.5-7.el8_6 (CVE-2019-12904, CVE-2024-2236, CVE-2026-41989), alsa-lib-1.2.10-2.el8 (CVE-2026-25068), libarchive-3.3.3-7.el8_10 (CVE-2024-57970, CVE-2025-25724, CVE-2025-60753, CVE-2026-4426, CVE-2026-5745), gnupg2-2.2.20-4.el8_10 (CVE-2025-68972), expat-2.5.0-1.el8_10 (CVE-2026-32776, CVE-2026-32777, CVE-2026-32778), curl-7.61.1-34.el8_10.11 (CVE-2025-13034, CVE-2025-14017, CVE-2026-1965, CVE-2026-3783, CVE-2026-3784, CVE-2026-3805, CVE-2026-4873, CVE-2026-5545, CVE-2026-5773, CVE-2026-6253, CVE-2026-6429), glibc-common-2.28-251.el8_10.31 (CVE-2026-4046, CVE-2026-4437, CVE-2026-5435, CVE-2026-5450, CVE-2026-5928), libssh-0.9.6-16.el8_10 (CVE-2025-5351, CVE-2025-8114, CVE-2026-0964, CVE-2026-0966, CVE-2026-3731), libxml2-2.9.7-21.el8_10.4 (CVE-2026-0990, CVE-2026-1757, CVE-2026-6732), libmount-2.32.1-48.el8_10 (CVE-2026-27456), libzstd-1.4.4-1.el8 (CVE-2022-4899), python3-pip-wheel-9.0.3-24.el8 (CVE-2023-45803, CVE-2025-50181, CVE-2025-50182, CVE-2026-25645), libssh-config-0.9.6-16.el8_10 (CVE-2025-5351, CVE-2025-8114, CVE-2026-0964, CVE-2026-0966, CVE-2026-3731), xz-libs-5.2.4-4.el8_6 (CVE-2026-34743), tar-2:1.30-11.el8_10 (CVE-2025-45582, CVE-2025-64118, CVE-2026-33056, CVE-2026-5704), systemd-libs-239-82.el8_10.16 (CVE-2018-20839, CVE-2025-4598, CVE-2026-29111, CVE-2026-4105)", "name": "clair_unpatched_medium_vulnerabilities", "url": "https://access.redhat.com/articles/red_hat_vulnerability_tutorial" }, "vulnerabilities_number": 144 } }, { "msg": "Found packages with unpatched low/negligible vulnerabilities. These vulnerabilities don't have a known fix at this time.", "metadata": { "details": { "description": "Vulnerabilities found: shadow-utils-2:4.6-23.el8_10 (CVE-2024-56433), gnutls-3.6.16-8.el8_10.5 (CVE-2021-4209, CVE-2026-3832), openssl-libs-1:1.1.1k-15.el8_6 (CVE-2023-0464, CVE-2023-0465, CVE-2023-2650, CVE-2024-0727, CVE-2024-13176, CVE-2024-2511, CVE-2024-41996, CVE-2024-4741, CVE-2025-15468, CVE-2025-15469, CVE-2025-68160, CVE-2025-69418, CVE-2025-69420, CVE-2025-69421, CVE-2026-22795, CVE-2026-22796, CVE-2026-2673, CVE-2026-28388, CVE-2026-28389, CVE-2026-31789), cups-libs-1:2.2.6-67.el8_10 (CVE-2021-25317, CVE-2026-41079), avahi-libs-0.7-27.el8_10.1 (CVE-2017-6519), python3-libs-3.6.8-76.el8_10 (CVE-2019-9674, CVE-2024-0397, CVE-2024-7592, CVE-2025-1795, CVE-2025-6075, CVE-2026-2297, CVE-2026-3479), file-libs-5.33-27.el8_10 (CVE-2019-8906), glibc-2.28-251.el8_10.31 (CVE-2026-4438), glibc-minimal-langpack-2.28-251.el8_10.31 (CVE-2026-4438), glib2-2.56.4-168.el8_10 (CVE-2023-29499, CVE-2023-32611, CVE-2023-32636, CVE-2023-32665, CVE-2025-3360, CVE-2025-7039, CVE-2026-0988, CVE-2026-1485), platform-python-3.6.8-76.el8_10 (CVE-2019-9674, CVE-2024-0397, CVE-2024-7592, CVE-2025-1795, CVE-2025-6075, CVE-2026-2297, CVE-2026-3479), java-17-openjdk-headless-1:17.0.19.0.10-1.el8 (CVE-2022-3857, CVE-2026-27171), zlib-1.2.11-25.el8 (CVE-2026-27171), libgcc-8.5.0-28.el8_10 (CVE-2018-20657, CVE-2019-14250, CVE-2022-27943), libcurl-7.61.1-34.el8_10.11 (CVE-2023-27534, CVE-2024-11053, CVE-2024-7264, CVE-2025-14524, CVE-2025-14819, CVE-2025-15079, CVE-2025-15224, CVE-2026-6276), libgcrypt-1.8.5-7.el8_6 (CVE-2026-41990), libarchive-3.3.3-7.el8_10 (CVE-2018-1000879, CVE-2018-1000880, CVE-2025-1632, CVE-2025-5915, CVE-2025-5916, CVE-2025-5917, CVE-2025-5918), gnupg2-2.2.20-4.el8_10 (CVE-2022-3219, CVE-2025-30258, CVE-2026-24883), nss-util-3.112.0-8.el8_10 (CVE-2020-12413, CVE-2024-7531), nss-softokn-freebl-3.112.0-8.el8_10 (CVE-2020-12413, CVE-2024-7531), expat-2.5.0-1.el8_10 (CVE-2025-66382, CVE-2026-24515, CVE-2026-41080), elfutils-libelf-0.190-2.el8 (CVE-2024-25260), curl-7.61.1-34.el8_10.11 (CVE-2023-27534, CVE-2024-11053, CVE-2024-7264, CVE-2025-14524, CVE-2025-14819, CVE-2025-15079, CVE-2025-15224, CVE-2026-6276), glibc-common-2.28-251.el8_10.31 (CVE-2026-4438), libssh-0.9.6-16.el8_10 (CVE-2025-4878, CVE-2025-8277, CVE-2026-0965, CVE-2026-0967, CVE-2026-0968), libxml2-2.9.7-21.el8_10.4 (CVE-2023-45322, CVE-2024-34459, CVE-2025-27113, CVE-2025-6170, CVE-2026-0989, CVE-2026-0992), pcre2-10.32-3.el8_6 (CVE-2022-41409), ncurses-libs-6.1-10.20180224.el8 (CVE-2018-19211, CVE-2020-19185, CVE-2020-19186, CVE-2020-19187, CVE-2020-19188, CVE-2020-19189, CVE-2020-19190, CVE-2021-39537, CVE-2023-50495), libzstd-1.4.4-1.el8 (CVE-2021-24032), nss-softokn-3.112.0-8.el8_10 (CVE-2020-12413, CVE-2024-7531), python3-pip-wheel-9.0.3-24.el8 (CVE-2018-20225), libssh-config-0.9.6-16.el8_10 (CVE-2025-4878, CVE-2025-8277, CVE-2026-0965, CVE-2026-0967, CVE-2026-0968), gawk-4.2.1-4.el8 (CVE-2023-4156), ncurses-base-6.1-10.20180224.el8 (CVE-2018-19211, CVE-2020-19185, CVE-2020-19186, CVE-2020-19187, CVE-2020-19188, CVE-2020-19189, CVE-2020-19190, CVE-2021-39537, CVE-2023-50495), libstdc++-8.5.0-28.el8_10 (CVE-2018-20657, CVE-2019-14250, CVE-2022-27943), libtasn1-4.13-5.el8_10 (CVE-2018-1000654, CVE-2025-13151), tar-2:1.30-11.el8_10 (CVE-2019-9923, CVE-2021-20193, CVE-2023-39804), systemd-libs-239-82.el8_10.16 (CVE-2021-3997), dbus-libs-1:1.12.8-27.el8_10 (CVE-2020-35512), sqlite-libs-3.26.0-20.el8_10 (CVE-2019-19244, CVE-2019-9936, CVE-2019-9937, CVE-2024-0232, CVE-2025-70873), nss-sysinit-3.112.0-8.el8_10 (CVE-2020-12413, CVE-2024-7531), nss-3.112.0-8.el8_10 (CVE-2020-12413, CVE-2024-7531)", "name": "clair_unpatched_low_vulnerabilities", "url": "https://access.redhat.com/articles/red_hat_vulnerability_tutorial" }, "vulnerabilities_number": 152 } } ] } ] {"vulnerabilities":{"critical":0,"high":0,"medium":0,"low":0,"unknown":0},"unpatched_vulnerabilities":{"critical":0,"high":7,"medium":144,"low":152,"unknown":0}} {"image": {"pullspec": "quay.io/redhat-appstudio-qe/gitlab-rep-ufob/test-comp-pac-gitlab-qtyrdo:on-pr-9563c74c641ed57d00587689aa7c536c690dd28d", "digests": ["sha256:2cd90854a489b20448b7b912df0c3d8ff0b5b90a68374c28813ccc12558aab64"]}} {"result":"SUCCESS","timestamp":"2026-05-07T23:48:45+00:00","note":"Task clair-scan completed: Refer to Tekton task result SCAN_OUTPUT for vulnerabilities scanned by Clair.","namespace":"default","successes":0,"failures":0,"warnings":0} pod: test-comp-pac-gitlab-qtyrdof2a03bf21bde61f4da280ef0c32a6fac-pod | init container: prepare 2026/05/07 23:48:25 Entrypoint initialization pod: test-comp-pac-gitlab-qtyrdof2a03bf21bde61f4da280ef0c32a6fac-pod | container step-apply-additional-tags: time="2026-05-07T23:48:28Z" level=info msg="[param] image-url: quay.io/redhat-appstudio-qe/gitlab-rep-ufob/test-comp-pac-gitlab-qtyrdo:on-pr-9563c74c641ed57d00587689aa7c536c690dd28d" time="2026-05-07T23:48:28Z" level=info msg="[param] digest: sha256:2cd90854a489b20448b7b912df0c3d8ff0b5b90a68374c28813ccc12558aab64" time="2026-05-07T23:48:28Z" level=info msg="[param] tags-from-image-label: konflux.additional-tags" time="2026-05-07T23:48:32Z" level=warning msg="No tags given in 'konflux.additional-tags' image label" {"tags":[]} [FAILED] in [It] - /tmp/tmp.72Gj3TWGe0/tests/integration-service/gitlab-integration-reporting.go:150 @ 05/07/26 23:49:49.585 [FAILED] in [AfterAll] - /tmp/tmp.72Gj3TWGe0/tests/integration-service/gitlab-integration-reporting.go:97 @ 05/07/26 23:49:49.707 << Timeline [FAILED] Expected success, but got an error: <*errors.errorString | 0xc000502130>: pod: test-comp-pac-gitlab-qtyrdo-on-pull-request-lpzln-init-pod | init container: prepare 2026/05/07 23:46:30 Entrypoint initialization pod: test-comp-pac-gitlab-qtyrdo-on-pull-request-lpzln-init-pod | container step-init: time="2026-05-07T23:46:33Z" level=info msg="[param] enable: false" time="2026-05-07T23:46:33Z" level=info msg="[param] default-http-proxy: squid.caching.svc.cluster.local:3128" time="2026-05-07T23:46:33Z" level=info msg="[param] default-no-proxy: brew.registry.redhat.io,docker.io,gcr.io,ghcr.io,images.paas.redhat.com,mirror.gcr.io,nvcr.io,quay.io,registry-proxy.engineering.redhat.com,registry.access.redhat.com,registry.ci.openshift.org,registry.fedoraproject.org,registry.redhat.io,registry.stage.redhat.io,vault.habana.ai" time="2026-05-07T23:46:33Z" level=info msg="[param] http-proxy-result-path: /tekton/results/http-proxy" time="2026-05-07T23:46:33Z" level=info msg="[param] no-proxy-result-path: /tekton/results/no-proxy" time="2026-05-07T23:46:33Z" level=info msg="Using in-cluster config" logger=KubeClient time="2026-05-07T23:46:33Z" level=info msg="Cache proxy is disabled via param" time="2026-05-07T23:46:33Z" level=info msg="[result] HTTP PROXY: " time="2026-05-07T23:46:33Z" level=info msg="[result] NO PROXY: " pod: test-comp-pac-gitlab-qtyrdo9509641aae225ed2b10a9c506b32d838-pod | init container: prepare 2026/05/07 23:48:25 Entrypoint initialization pod: test-comp-pac-gitlab-qtyrdo9509641aae225ed2b10a9c506b32d838-pod | init container: place-scripts 2026/05/07 23:48:25 Decoded script /tekton/scripts/script-0-v79gc 2026/05/07 23:48:25 Decoded script /tekton/scripts/script-1-txzfq pod: test-comp-pac-gitlab-qtyrdo9509641aae225ed2b10a9c506b32d838-pod | container step-extract-and-scan-image: Starting clamd ... clamd is ready! Detecting artifact type for quay.io/redhat-appstudio-qe/gitlab-rep-ufob/test-comp-pac-gitlab-qtyrdo@sha256:2cd90854a489b20448b7b912df0c3d8ff0b5b90a68374c28813ccc12558aab64. Detected container image. Processing image manifests. Running "oc image extract" on image of arch amd64 Scanning image for arch amd64. This operation may take a while. ----------- SCAN SUMMARY ----------- Infected files: 0 Time: 39.400 sec (0 m 39 s) Start Date: 2026:05:07 23:48:52 End Date: 2026:05:07 23:49:31 Executed-on: Scan was executed on clamsdcan version - ClamAV 1.4.3/27993/Wed May 6 06:24:57 2026 Database version: 27993 [ { "filename": "/work/logs/clamscan-result-log-amd64.json", "namespace": "required_checks", "successes": 2 } ] {"timestamp":"1778197771","namespace":"required_checks","successes":2,"failures":0,"warnings":0,"result":"SUCCESS","note":"All checks passed successfully"} {"timestamp":"1778197771","namespace":"required_checks","successes":2,"failures":0,"warnings":0,"result":"SUCCESS","note":"All checks passed successfully"} {"timestamp":"1778197771","namespace":"required_checks","successes":2,"failures":0,"warnings":0,"result":"SUCCESS","note":"All checks passed successfully"} {"image": {"pullspec": "quay.io/redhat-appstudio-qe/gitlab-rep-ufob/test-comp-pac-gitlab-qtyrdo:on-pr-9563c74c641ed57d00587689aa7c536c690dd28d", "digests": ["sha256:2cd90854a489b20448b7b912df0c3d8ff0b5b90a68374c28813ccc12558aab64"]}} pod: test-comp-pac-gitlab-qtyrdo9509641aae225ed2b10a9c506b32d838-pod | container step-upload: Selecting auth Using token for quay.io/redhat-appstudio-qe/gitlab-rep-ufob/test-comp-pac-gitlab-qtyrdo Attaching to quay.io/redhat-appstudio-qe/gitlab-rep-ufob/test-comp-pac-gitlab-qtyrdo:on-pr-9563c74c641ed57d00587689aa7c536c690dd28d Executing: oras attach --no-tty --registry-config /home/oras/auth.json --artifact-type application/vnd.clamav quay.io/redhat-appstudio-qe/gitlab-rep-ufob/test-comp-pac-gitlab-qtyrdo:on-pr-9563c74c641ed57d00587689aa7c536c690dd28d@sha256:2cd90854a489b20448b7b912df0c3d8ff0b5b90a68374c28813ccc12558aab64 clamscan-result-amd64.log:text/vnd.clamav clamscan-ec-test-amd64.json:application/vnd.konflux.test_output+json Preparing clamscan-result-amd64.log Preparing clamscan-ec-test-amd64.json Uploading 029791dbc40b clamscan-result-amd64.log Uploading d767c420971b clamscan-ec-test-amd64.json Exists 44136fa355b3 application/vnd.oci.empty.v1+json Uploaded d767c420971b clamscan-ec-test-amd64.json Uploaded 029791dbc40b clamscan-result-amd64.log Uploading 152cfcfe78a7 application/vnd.oci.image.manifest.v1+json Uploaded 152cfcfe78a7 application/vnd.oci.image.manifest.v1+json Attached to [registry] quay.io/redhat-appstudio-qe/gitlab-rep-ufob/test-comp-pac-gitlab-qtyrdo:on-pr-9563c74c641ed57d00587689aa7c536c690dd28d@sha256:2cd90854a489b20448b7b912df0c3d8ff0b5b90a68374c28813ccc12558aab64 Digest: sha256:152cfcfe78a7f38c82d56263496bda6b63ddbca15268a62c54ec1c7da38b3226 pod: test-comp-pac-gitlab-qtyrdoa50c093362ea2256704d5cae05ecacee-pod | init container: prepare 2026/05/07 23:48:24 Entrypoint initialization pod: test-comp-pac-gitlab-qtyrdoa50c093362ea2256704d5cae05ecacee-pod | init container: place-scripts 2026/05/07 23:48:25 Decoded script /tekton/scripts/script-0-r764d 2026/05/07 23:48:25 Decoded script /tekton/scripts/script-1-gc4z9 2026/05/07 23:48:25 Decoded script /tekton/scripts/script-2-n9frd 2026/05/07 23:48:25 Decoded script /tekton/scripts/script-3-ljm4x 2026/05/07 23:48:25 Decoded script /tekton/scripts/script-4-dhj8d 2026/05/07 23:48:25 Decoded script /tekton/scripts/script-5-cwhj2 pod: test-comp-pac-gitlab-qtyrdoa50c093362ea2256704d5cae05ecacee-pod | container step-introspect: Artifact type will be determined by introspection. Checking the media type of the OCI artifact... [retry] executing: skopeo inspect --raw --retry-times 3 docker://quay.io/redhat-appstudio-qe/gitlab-rep-ufob/test-comp-pac-gitlab-qtyrdo:on-pr-9563c74c641ed57d00587689aa7c536c690dd28d time="2026-05-07T23:48:28Z" level=warning msg="Failed, retrying in 1s ... (1/3). Error: pinging container registry quay.io: received unexpected HTTP status: 502 Bad Gateway" The media type of the OCI artifact is application/vnd.docker.distribution.manifest.v2+json. Looking for image labels that indicate this might be an operator bundle... [retry] executing: skopeo inspect --retry-times 3 docker://quay.io/redhat-appstudio-qe/gitlab-rep-ufob/test-comp-pac-gitlab-qtyrdo:on-pr-9563c74c641ed57d00587689aa7c536c690dd28d Found 0 matching labels. Expecting 3 or more to identify this image as an operator bundle. Introspection concludes that this artifact is of type "application". pod: test-comp-pac-gitlab-qtyrdoa50c093362ea2256704d5cae05ecacee-pod | container step-generate-container-auth: Selecting auth for quay.io/redhat-appstudio-qe/gitlab-rep-ufob/test-comp-pac-gitlab-qtyrdo:on-pr-9563c74c641ed57d00587689aa7c536c690dd28d Using token for quay.io/redhat-appstudio-qe/gitlab-rep-ufob/test-comp-pac-gitlab-qtyrdo Auth json written to "/auth/auth.json". pod: test-comp-pac-gitlab-qtyrdoa50c093362ea2256704d5cae05ecacee-pod | container step-set-skip-for-bundles: 2026/05/07 23:48:42 INFO Step was skipped due to when expressions were evaluated to false. pod: test-comp-pac-gitlab-qtyrdoa50c093362ea2256704d5cae05ecacee-pod | container step-app-check: time="2026-05-07T23:48:42Z" level=info msg="certification library version" version="1.17.2 " time="2026-05-07T23:48:51Z" level=info msg="running checks for quay.io/redhat-appstudio-qe/gitlab-rep-ufob/test-comp-pac-gitlab-qtyrdo:on-pr-9563c74c641ed57d00587689aa7c536c690dd28d for platform amd64" time="2026-05-07T23:48:51Z" level=info msg="target image" image="quay.io/redhat-appstudio-qe/gitlab-rep-ufob/test-comp-pac-gitlab-qtyrdo:on-pr-9563c74c641ed57d00587689aa7c536c690dd28d" time="2026-05-07T23:49:01Z" level=info msg="warning: licenses directory does not exist or all of its children are empty directories: error when checking for /licenses: stat /tmp/preflight-3692195987/fs/licenses: no such file or directory" check=HasLicense time="2026-05-07T23:49:01Z" level=info msg="check completed" check=HasLicense result=FAILED time="2026-05-07T23:49:01Z" level=info msg="check completed" check=HasUniqueTag result=PASSED time="2026-05-07T23:49:01Z" level=info msg="check completed" check=LayerCountAcceptable result=PASSED time="2026-05-07T23:49:01Z" level=info msg="check completed" check=HasNoProhibitedPackages result=PASSED time="2026-05-07T23:49:01Z" level=info msg="check completed" check=HasRequiredLabel result=PASSED time="2026-05-07T23:49:01Z" level=info msg="USER 185 specified that is non-root" check=RunAsNonRoot time="2026-05-07T23:49:01Z" level=info msg="check completed" check=RunAsNonRoot result=PASSED time="2026-05-07T23:49:10Z" level=info msg="check completed" check=HasModifiedFiles result=PASSED time="2026-05-07T23:49:10Z" level=info msg="check completed" check=BasedOnUbi result=PASSED time="2026-05-07T23:49:10Z" level=info msg="This image's tag on-pr-9563c74c641ed57d00587689aa7c536c690dd28d will be paired with digest sha256:2cd90854a489b20448b7b912df0c3d8ff0b5b90a68374c28813ccc12558aab64 once this image has been published in accordance with Red Hat Certification policy. You may then add or remove any supplemental tags through your Red Hat Connect portal as you see fit." { "image": "quay.io/redhat-appstudio-qe/gitlab-rep-ufob/test-comp-pac-gitlab-qtyrdo:on-pr-9563c74c641ed57d00587689aa7c536c690dd28d", "passed": false, "test_library": { "name": "github.com/redhat-openshift-ecosystem/openshift-preflight", "version": "1.17.2", "commit": "eb87e5b2d67ad110a0afe8edfb16f445e0877c4e" }, "results": { "passed": [ { "name": "HasUniqueTag", "elapsed_time": 0, "description": "Checking if container has a tag other than 'latest', so that the image can be uniquely identified." }, { "name": "LayerCountAcceptable", "elapsed_time": 0, "description": "Checking if container has less than 40 layers. Too many layers within the container images can degrade container performance." }, { "name": "HasNoProhibitedPackages", "elapsed_time": 45, "description": "Checks to ensure that the image in use does not include prohibited packages, such as Red Hat Enterprise Linux (RHEL) kernel packages." }, { "name": "HasRequiredLabel", "elapsed_time": 0, "description": "Checking if the required labels (name, vendor, version, release, summary, description, maintainer) are present in the container metadata" }, { "name": "RunAsNonRoot", "elapsed_time": 0, "description": "Checking if container runs as the root user because a container that does not specify a non-root user will fail the automatic certification, and will be subject to a manual review before the container can be approved for publication" }, { "name": "HasModifiedFiles", "elapsed_time": 8811, "description": "Checks that no files installed via RPM in the base Red Hat layer have been modified" }, { "name": "BasedOnUbi", "elapsed_time": 252, "description": "Checking if the container's base image is based upon the Red Hat Universal Base Image (UBI)" } ], "failed": [ { "name": "HasLicense", "elapsed_time": 0, "description": "Checking if terms and conditions applicable to the software including open source licensing information are present. The license must be at /licenses", "help": "Check HasLicense encountered an error. Please review the preflight.log file for more information.", "suggestion": "Create a directory named /licenses and include all relevant licensing and/or terms and conditions as text file(s) in that directory.", "knowledgebase_url": "https://access.redhat.com/documentation/en-us/red_hat_software_certification/2024/html-single/red_hat_openshift_software_certification_policy_guide/index#assembly-requirements-for-container-images_openshift-sw-cert-policy-introduction", "check_url": "https://access.redhat.com/documentation/en-us/red_hat_software_certification/2024/html-single/red_hat_openshift_software_certification_policy_guide/index#assembly-requirements-for-container-images_openshift-sw-cert-policy-introduction" } ], "errors": [] } } time="2026-05-07T23:49:10Z" level=info msg="Preflight result: FAILED" pod: test-comp-pac-gitlab-qtyrdoa50c093362ea2256704d5cae05ecacee-pod | container step-app-set-outcome: {"result":"FAILURE","timestamp":"1778197750","note":"Task preflight is a FAILURE: Refer to Tekton task logs for more information","successes":7,"failures":1,"warnings":0}[retry] executing: skopeo inspect --raw --retry-times 3 docker://quay.io/redhat-appstudio-qe/gitlab-rep-ufob/test-comp-pac-gitlab-qtyrdo:on-pr-9563c74c641ed57d00587689aa7c536c690dd28d pod: test-comp-pac-gitlab-qtyrdoa50c093362ea2256704d5cae05ecacee-pod | container step-final-outcome: + [[ ! -f /mount/konflux.results.json ]] + tee /tekton/steps/step-final-outcome/results/test-output {"result":"FAILURE","timestamp":"1778197750","note":"Task preflight is a FAILURE: Refer to Tekton task logs for more information","successes":7,"failures":1,"warnings":0} pod: test-comp-pac-gitlab-qtyrdob8e90fb47a3f8c623f1d319d476055b8-pod | init container: prepare 2026/05/07 23:48:25 Entrypoint initialization pod: test-comp-pac-gitlab-qtyrdob8e90fb47a3f8c623f1d319d476055b8-pod | init container: place-scripts 2026/05/07 23:48:25 Decoded script /tekton/scripts/script-0-8sc8m 2026/05/07 23:48:25 Decoded script /tekton/scripts/script-1-m7tr2 2026/05/07 23:48:25 Decoded script /tekton/scripts/script-2-z2qsn 2026/05/07 23:48:25 Decoded script /tekton/scripts/script-3-qwp4p pod: test-comp-pac-gitlab-qtyrdob8e90fb47a3f8c623f1d319d476055b8-pod | container step-get-image-manifests: Inspecting raw image manifest quay.io/redhat-appstudio-qe/gitlab-rep-ufob/test-comp-pac-gitlab-qtyrdo@sha256:2cd90854a489b20448b7b912df0c3d8ff0b5b90a68374c28813ccc12558aab64. pod: test-comp-pac-gitlab-qtyrdob8e90fb47a3f8c623f1d319d476055b8-pod | container step-get-vulnerabilities: Running clair-action on amd64 image manifest... 2026-05-07T23:48:30Z INF matchers created component=libvuln/New matchers=[{"docs":"https://pkg.go.dev/github.com/quay/claircore/rhel","name":"rhel"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/python","name":"python"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/ruby","name":"ruby-gem"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/suse","name":"suse"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/aws","name":"aws-matcher"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/java","name":"java-maven"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/alpine","name":"alpine-matcher"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/oracle","name":"oracle"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/photon","name":"photon"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/rhel/rhcc","name":"rhel-container-matcher"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/debian","name":"debian-matcher"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/gobin","name":"gobin"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/ubuntu","name":"ubuntu-matcher"}] 2026-05-07T23:48:30Z INF libvuln initialized component=libvuln/New 2026-05-07T23:48:30Z INF registered configured scanners component=libindex/New 2026-05-07T23:48:30Z INF NewLayerScanner: constructing a new layer-scanner component=indexer.NewLayerScanner 2026-05-07T23:48:30Z INF index request start component=libindex/Libindex.Index manifest=sha256:2cd90854a489b20448b7b912df0c3d8ff0b5b90a68374c28813ccc12558aab64 2026-05-07T23:48:30Z INF starting scan component=indexer/controller/Controller.Index manifest=sha256:2cd90854a489b20448b7b912df0c3d8ff0b5b90a68374c28813ccc12558aab64 2026-05-07T23:48:30Z INF manifest to be scanned component=indexer/controller/Controller.Index manifest=sha256:2cd90854a489b20448b7b912df0c3d8ff0b5b90a68374c28813ccc12558aab64 state=CheckManifest 2026-05-07T23:48:30Z INF layers fetch start component=indexer/controller/Controller.Index manifest=sha256:2cd90854a489b20448b7b912df0c3d8ff0b5b90a68374c28813ccc12558aab64 state=FetchLayers 2026-05-07T23:48:32Z INF layers fetch success component=indexer/controller/Controller.Index manifest=sha256:2cd90854a489b20448b7b912df0c3d8ff0b5b90a68374c28813ccc12558aab64 state=FetchLayers 2026-05-07T23:48:32Z INF layers fetch done component=indexer/controller/Controller.Index manifest=sha256:2cd90854a489b20448b7b912df0c3d8ff0b5b90a68374c28813ccc12558aab64 state=FetchLayers 2026-05-07T23:48:32Z INF layers scan start component=indexer/controller/Controller.Index manifest=sha256:2cd90854a489b20448b7b912df0c3d8ff0b5b90a68374c28813ccc12558aab64 state=ScanLayers 2026-05-07T23:48:32Z INF found buildinfo Dockerfile component=rhel/rhcc/scanner.Scan kind=package layer=sha256:8dbc54dd3ba8deb60962e0faf1bcd1d23c09867cffbce92e091a1094578f09fc manifest=sha256:2cd90854a489b20448b7b912df0c3d8ff0b5b90a68374c28813ccc12558aab64 path=root/buildinfo/Dockerfile-ubi8-openjdk-17-runtime-1.23-4.1777859697 scanner=rhel_containerscanner state=ScanLayers 2026-05-07T23:48:32Z INF skipping jar component=java/Scanner.Scan file=usr/lib/jvm/java-17-openjdk-17.0.19.0.10-1.el8.x86_64/lib/jrt-fs.jar kind=package layer=sha256:8dbc54dd3ba8deb60962e0faf1bcd1d23c09867cffbce92e091a1094578f09fc manifest=sha256:2cd90854a489b20448b7b912df0c3d8ff0b5b90a68374c28813ccc12558aab64 reason="jar: unidentified jar: jrt-fs.jar" scanner=java state=ScanLayers version=6 2026-05-07T23:48:32Z INF layers scan done component=indexer/controller/Controller.Index manifest=sha256:2cd90854a489b20448b7b912df0c3d8ff0b5b90a68374c28813ccc12558aab64 state=ScanLayers 2026-05-07T23:48:32Z INF starting index manifest component=indexer/controller/Controller.Index manifest=sha256:2cd90854a489b20448b7b912df0c3d8ff0b5b90a68374c28813ccc12558aab64 state=IndexManifest 2026-05-07T23:48:32Z INF finishing scan component=indexer/controller/Controller.Index manifest=sha256:2cd90854a489b20448b7b912df0c3d8ff0b5b90a68374c28813ccc12558aab64 state=IndexFinished 2026-05-07T23:48:32Z INF manifest successfully scanned component=indexer/controller/Controller.Index manifest=sha256:2cd90854a489b20448b7b912df0c3d8ff0b5b90a68374c28813ccc12558aab64 state=IndexFinished 2026-05-07T23:48:32Z INF index request done component=libindex/Libindex.Index manifest=sha256:2cd90854a489b20448b7b912df0c3d8ff0b5b90a68374c28813ccc12558aab64 { "manifest_hash": "sha256:2cd90854a489b20448b7b912df0c3d8ff0b5b90a68374c28813ccc12558aab64", "packages": { "+XM+s3niWaEk1U5jnR5DpA==": { "id": "+XM+s3niWaEk1U5jnR5DpA==", "name": "libyaml", "version": "0.1.7-5.el8", "kind": "binary", "source": { "id": "", "name": "libyaml", "version": "0.1.7-5.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "+Xr7HyTxXf0c8jLaUyo3xA==": { "id": "+Xr7HyTxXf0c8jLaUyo3xA==", "name": "libidn2", "version": "2.2.0-1.el8", "kind": "binary", "source": { "id": "", "name": "libidn2", "version": "2.2.0-1.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "+hvIC0Et/RtHi7EAFCmfEw==": { "id": "+hvIC0Et/RtHi7EAFCmfEw==", "name": "file-libs", "version": "5.33-27.el8_10", "kind": "binary", "source": { "id": "", "name": "file", "version": "5.33-27.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "+qrxjVH7Im8eBfrz4h4P/w==": { "id": "+qrxjVH7Im8eBfrz4h4P/w==", "name": "shadow-utils", "version": "2:4.6-23.el8_10", "kind": "binary", "source": { "id": "", "name": "shadow-utils", "version": "4.6-23.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "1gormAsAjMuks2JveQRd0Q==": { "id": "1gormAsAjMuks2JveQRd0Q==", "name": "gobject-introspection", "version": "1.56.1-1.el8", "kind": "binary", "source": { "id": "", "name": "gobject-introspection", "version": "1.56.1-1.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "22yBCZl99yVP86UHT7jTdw==": { "id": "22yBCZl99yVP86UHT7jTdw==", "name": "tzdata", "version": "2026a-1.el8", "kind": "binary", "source": { "id": "", "name": "tzdata", "version": "2026a-1.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "2gKctomQ2vBMxlyAOjcc7g==": { "id": "2gKctomQ2vBMxlyAOjcc7g==", "name": "sed", "version": "4.5-5.el8_10", "kind": "binary", "source": { "id": "", "name": "sed", "version": "4.5-5.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "3+d+oaGDGj9g2+1RFZjY5A==": { "id": "3+d+oaGDGj9g2+1RFZjY5A==", "name": "gmp", "version": "1:6.1.2-11.el8", "kind": "binary", "source": { "id": "", "name": "gmp", "version": "6.1.2-11.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "3OVNevSm98h4f1fmX4IZwQ==": { "id": "3OVNevSm98h4f1fmX4IZwQ==", "name": "org.example:simple-java-project", "version": "1.0-SNAPSHOT", "kind": "binary", "source": { "id": "", "name": "", "version": "", "normalized_version": "", "cpe": "" }, "normalized_version": "", "cpe": "" }, "3jI2apoRMNGhHa141Q5dlQ==": { "id": "3jI2apoRMNGhHa141Q5dlQ==", "name": "libksba", "version": "1.3.5-9.el8_7", "kind": "binary", "source": { "id": "", "name": "libksba", "version": "1.3.5-9.el8_7", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "3uSX4NgBxQvC8LEk48QoOQ==": { "id": "3uSX4NgBxQvC8LEk48QoOQ==", "name": "cyrus-sasl-lib", "version": "2.1.27-6.el8_5", "kind": "binary", "source": { "id": "", "name": "cyrus-sasl", "version": "2.1.27-6.el8_5", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "45rvgYmy022Tx6fVWfking==": { "id": "45rvgYmy022Tx6fVWfking==", "name": "publicsuffix-list-dafsa", "version": "20180723-1.el8", "kind": "binary", "source": { "id": "", "name": "publicsuffix-list", "version": "20180723-1.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "47OMpR7yEmE4lttsyWq3fw==": { "id": "47OMpR7yEmE4lttsyWq3fw==", "name": "libusbx", "version": "1.0.23-4.el8", "kind": "binary", "source": { "id": "", "name": "libusbx", "version": "1.0.23-4.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "4ZgMXaHDWnwPnqKlcJzEIw==": { "id": "4ZgMXaHDWnwPnqKlcJzEIw==", "name": "krb5-libs", "version": "1.18.2-32.el8_10", "kind": "binary", "source": { "id": "", "name": "krb5", "version": "1.18.2-32.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "4flTdmUV4iK1Ax+LXJm8qQ==": { "id": "4flTdmUV4iK1Ax+LXJm8qQ==", "name": "gnutls", "version": "3.6.16-8.el8_10.5", "kind": "binary", "source": { "id": "", "name": "gnutls", "version": "3.6.16-8.el8_10.5", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "4mBaAtvqw4Xnt3KyHa6xnQ==": { "id": "4mBaAtvqw4Xnt3KyHa6xnQ==", "name": "java-17-openjdk-headless", "version": "1:17.0.19.0.10-1.el8", "kind": "binary", "source": { "id": "", "name": "java-17-openjdk", "version": "17.0.19.0.10-1.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "4sG4bBloak5Sz907ZDRs6Q==": { "id": "4sG4bBloak5Sz907ZDRs6Q==", "name": "libnsl2", "version": "1.2.0-2.20180605git4a062cf.el8", "kind": "binary", "source": { "id": "", "name": "libnsl2", "version": "1.2.0-2.20180605git4a062cf.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "5U8sNbKx0xZsaHcVt4MmxA==": { "id": "5U8sNbKx0xZsaHcVt4MmxA==", "name": "chkconfig", "version": "1.19.2-1.el8", "kind": "binary", "source": { "id": "", "name": "chkconfig", "version": "1.19.2-1.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "67DLnC895xbDFuD3MGhCtQ==": { "id": "67DLnC895xbDFuD3MGhCtQ==", "name": "io.github.stuartwdouglas.hacbs-test.simple:simple-jdk8", "version": "1.2.4", "kind": "binary", "source": { "id": "", "name": "", "version": "", "normalized_version": "", "cpe": "" }, "normalized_version": "", "cpe": "" }, "7eg89eCgA75bJ7WhhN/T4Q==": { "id": "7eg89eCgA75bJ7WhhN/T4Q==", "name": "libtasn1", "version": "4.13-5.el8_10", "kind": "binary", "source": { "id": "", "name": "libtasn1", "version": "4.13-5.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "9uhqFNTCJ7/bpzSlc7qCaQ==": { "id": "9uhqFNTCJ7/bpzSlc7qCaQ==", "name": "libgcrypt", "version": "1.8.5-7.el8_6", "kind": "binary", "source": { "id": "", "name": "libgcrypt", "version": "1.8.5-7.el8_6", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "ACY3djwkey7ZIXbd0V+Giw==": { "id": "ACY3djwkey7ZIXbd0V+Giw==", "name": "nss-sysinit", "version": "3.112.0-8.el8_10", "kind": "binary", "source": { "id": "", "name": "nss", "version": "3.112.0-8.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "AIs6pmCup5N9+6Ag6e2/og==": { "id": "AIs6pmCup5N9+6Ag6e2/og==", "name": "openssl-libs", "version": "1:1.1.1k-15.el8_6", "kind": "binary", "source": { "id": "", "name": "openssl", "version": "1.1.1k-15.el8_6", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "AuC6XQzcU/5tB4luIfjLFg==": { "id": "AuC6XQzcU/5tB4luIfjLFg==", "name": "elfutils-libelf", "version": "0.190-2.el8", "kind": "binary", "source": { "id": "", "name": "elfutils", "version": "0.190-2.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "AziZ1oGI+oDXVPzldKNj+w==": { "id": "AziZ1oGI+oDXVPzldKNj+w==", "name": "openldap", "version": "2.4.46-21.el8_10", "kind": "binary", "source": { "id": "", "name": "openldap", "version": "2.4.46-21.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "BPsD0kkdIoK3KQUZ5DpJjw==": { "id": "BPsD0kkdIoK3KQUZ5DpJjw==", "name": "dbus-libs", "version": "1:1.12.8-27.el8_10", "kind": "binary", "source": { "id": "", "name": "dbus", "version": "1.12.8-27.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "BmK1zIjr5KsuOODCYwxRCw==": { "id": "BmK1zIjr5KsuOODCYwxRCw==", "name": "libpsl", "version": "0.20.2-6.el8", "kind": "binary", "source": { "id": "", "name": "libpsl", "version": "0.20.2-6.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "CP6fmHsRon29d9dGmAC8yQ==": { "id": "CP6fmHsRon29d9dGmAC8yQ==", "name": "nss-softokn", "version": "3.112.0-8.el8_10", "kind": "binary", "source": { "id": "", "name": "nss", "version": "3.112.0-8.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "CbqHQON08ZsUvPS9XDaTFA==": { "id": "CbqHQON08ZsUvPS9XDaTFA==", "name": "rpm", "version": "4.14.3-32.el8_10", "kind": "binary", "source": { "id": "", "name": "rpm", "version": "4.14.3-32.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "Cklbj7Y2kf3vqxqc0m1GHQ==": { "id": "Cklbj7Y2kf3vqxqc0m1GHQ==", "name": "librhsm", "version": "0.0.3-5.el8", "kind": "binary", "source": { "id": "", "name": "librhsm", "version": "0.0.3-5.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "D/ASdBsgxLNlG5Q8U7UPsQ==": { "id": "D/ASdBsgxLNlG5Q8U7UPsQ==", "name": "rootfiles", "version": "8.1-22.el8", "kind": "binary", "source": { "id": "", "name": "rootfiles", "version": "8.1-22.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "D9iJYSwBt2n6JCuuNo2fKg==": { "id": "D9iJYSwBt2n6JCuuNo2fKg==", "name": "audit-libs", "version": "3.1.2-1.el8_10.1", "kind": "binary", "source": { "id": "", "name": "audit", "version": "3.1.2-1.el8_10.1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "DV119Dw0W4RdsbJkdoHU9w==": { "id": "DV119Dw0W4RdsbJkdoHU9w==", "name": "curl", "version": "7.61.1-34.el8_10.11", "kind": "binary", "source": { "id": "", "name": "curl", "version": "7.61.1-34.el8_10.11", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "DgyhtZBcSIlVmY6xC8s1mA==": { "id": "DgyhtZBcSIlVmY6xC8s1mA==", "name": "coreutils-single", "version": "8.30-17.el8_10", "kind": "binary", "source": { "id": "", "name": "coreutils", "version": "8.30-17.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "Dmgfuk4/ZGW2Pjrf3pzOwg==": { "id": "Dmgfuk4/ZGW2Pjrf3pzOwg==", "name": "nss-util", "version": "3.112.0-8.el8_10", "kind": "binary", "source": { "id": "", "name": "nss", "version": "3.112.0-8.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "EiNiLT8ulizCzEWcybhizQ==": { "id": "EiNiLT8ulizCzEWcybhizQ==", "name": "lz4-libs", "version": "1.8.3-5.el8_10", "kind": "binary", "source": { "id": "", "name": "lz4", "version": "1.8.3-5.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "F7AOP7tK5AfUXV1g9iTzFA==": { "id": "F7AOP7tK5AfUXV1g9iTzFA==", "name": "mpfr", "version": "3.1.6-1.el8", "kind": "binary", "source": { "id": "", "name": "mpfr", "version": "3.1.6-1.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "FS5/DAbDsXWURU9onlACPA==": { "id": "FS5/DAbDsXWURU9onlACPA==", "name": "alsa-lib", "version": "1.2.10-2.el8", "kind": "binary", "source": { "id": "", "name": "alsa-lib", "version": "1.2.10-2.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "G+gX+j4AbiCorxKiF1UojA==": { "id": "G+gX+j4AbiCorxKiF1UojA==", "name": "libsolv", "version": "0.7.20-6.el8", "kind": "binary", "source": { "id": "", "name": "libsolv", "version": "0.7.20-6.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "GLKhGblbPbPbtDKwfpCv5A==": { "id": "GLKhGblbPbPbtDKwfpCv5A==", "name": "filesystem", "version": "3.8-6.el8", "kind": "binary", "source": { "id": "", "name": "filesystem", "version": "3.8-6.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "Gg1Q6hponuT1eSJHwaJ83w==": { "id": "Gg1Q6hponuT1eSJHwaJ83w==", "name": "libcap-ng", "version": "0.7.11-1.el8", "kind": "binary", "source": { "id": "", "name": "libcap-ng", "version": "0.7.11-1.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "HMIoZ/TKrKhxI1rD26qmpw==": { "id": "HMIoZ/TKrKhxI1rD26qmpw==", "name": "json-c", "version": "0.13.1-3.el8", "kind": "binary", "source": { "id": "", "name": "json-c", "version": "0.13.1-3.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "IzLcxZDtcvtJR5Gwdq9HDg==": { "id": "IzLcxZDtcvtJR5Gwdq9HDg==", "name": "libattr", "version": "2.4.48-3.el8", "kind": "binary", "source": { "id": "", "name": "attr", "version": "2.4.48-3.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "J34PJ2GThOWZuKVgFIoieA==": { "id": "J34PJ2GThOWZuKVgFIoieA==", "name": "zlib", "version": "1.2.11-25.el8", "kind": "binary", "source": { "id": "", "name": "zlib", "version": "1.2.11-25.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "JNDNKhJbFTSevs7EALfE9A==": { "id": "JNDNKhJbFTSevs7EALfE9A==", "name": "p11-kit", "version": "0.23.22-2.el8", "kind": "binary", "source": { "id": "", "name": "p11-kit", "version": "0.23.22-2.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "KYSXsdsObSOPb3/iOOdbDw==": { "id": "KYSXsdsObSOPb3/iOOdbDw==", "name": "nss-softokn-freebl", "version": "3.112.0-8.el8_10", "kind": "binary", "source": { "id": "", "name": "nss", "version": "3.112.0-8.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "LXiVkIlXLq/usMYIwCTH8Q==": { "id": "LXiVkIlXLq/usMYIwCTH8Q==", "name": "libsmartcols", "version": "2.32.1-48.el8_10", "kind": "binary", "source": { "id": "", "name": "util-linux", "version": "2.32.1-48.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "LkoLKEri5dIAb0vFMkSOag==": { "id": "LkoLKEri5dIAb0vFMkSOag==", "name": "glibc-common", "version": "2.28-251.el8_10.31", "kind": "binary", "source": { "id": "", "name": "glibc", "version": "2.28-251.el8_10.31", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "MA5xnJmwv4AJZhc2768UiA==": { "id": "MA5xnJmwv4AJZhc2768UiA==", "name": "libxml2", "version": "2.9.7-21.el8_10.4", "kind": "binary", "source": { "id": "", "name": "libxml2", "version": "2.9.7-21.el8_10.4", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "N1RbIRo2SyHosQefv+skDw==": { "id": "N1RbIRo2SyHosQefv+skDw==", "name": "gawk", "version": "4.2.1-4.el8", "kind": "binary", "source": { "id": "", "name": "gawk", "version": "4.2.1-4.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "N3ZaMrNJKoumMpaY0smlMQ==": { "id": "N3ZaMrNJKoumMpaY0smlMQ==", "name": "sqlite-libs", "version": "3.26.0-20.el8_10", "kind": "binary", "source": { "id": "", "name": "sqlite", "version": "3.26.0-20.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "N5EuVcX6TPHBo7OPtax5uA==": { "id": "N5EuVcX6TPHBo7OPtax5uA==", "name": "crypto-policies-scripts", "version": "20230731-1.git3177e06.el8", "kind": "binary", "source": { "id": "", "name": "crypto-policies", "version": "20230731-1.git3177e06.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "NJbhst8VIOwst++ZzRP6tA==": { "id": "NJbhst8VIOwst++ZzRP6tA==", "name": "libpeas", "version": "1.22.0-6.el8", "kind": "binary", "source": { "id": "", "name": "libpeas", "version": "1.22.0-6.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "NguWV8S6YQYvQsGQDJm2Rg==": { "id": "NguWV8S6YQYvQsGQDJm2Rg==", "name": "ncurses-base", "version": "6.1-10.20180224.el8", "kind": "binary", "source": { "id": "", "name": "ncurses", "version": "6.1-10.20180224.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "NsvPyDc//39XTuXcn3j2uQ==": { "id": "NsvPyDc//39XTuXcn3j2uQ==", "name": "gdbm", "version": "1:1.18-2.el8", "kind": "binary", "source": { "id": "", "name": "gdbm", "version": "1.18-2.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "ORsDK2A5479NPB0r01PoXQ==": { "id": "ORsDK2A5479NPB0r01PoXQ==", "name": "libcurl", "version": "7.61.1-34.el8_10.11", "kind": "binary", "source": { "id": "", "name": "curl", "version": "7.61.1-34.el8_10.11", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "P5Se4zJpr8ZUwZNUojfuzA==": { "id": "P5Se4zJpr8ZUwZNUojfuzA==", "name": "libxcrypt", "version": "4.1.1-6.el8", "kind": "binary", "source": { "id": "", "name": "libxcrypt", "version": "4.1.1-6.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "P5UTXxqhA6R98OWY7h85rQ==": { "id": "P5UTXxqhA6R98OWY7h85rQ==", "name": "libarchive", "version": "3.3.3-7.el8_10", "kind": "binary", "source": { "id": "", "name": "libarchive", "version": "3.3.3-7.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "PYGQE1Mr52aqIP4tEB4VSw==": { "id": "PYGQE1Mr52aqIP4tEB4VSw==", "name": "nss", "version": "3.112.0-8.el8_10", "kind": "binary", "source": { "id": "", "name": "nss", "version": "3.112.0-8.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "Q0uPb/t/3IQ8GEwlv/J3Cw==": { "id": "Q0uPb/t/3IQ8GEwlv/J3Cw==", "name": "libmount", "version": "2.32.1-48.el8_10", "kind": "binary", "source": { "id": "", "name": "util-linux", "version": "2.32.1-48.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "QC6e3OaV78mjs678tGU2KQ==": { "id": "QC6e3OaV78mjs678tGU2KQ==", "name": "libssh", "version": "0.9.6-16.el8_10", "kind": "binary", "source": { "id": "", "name": "libssh", "version": "0.9.6-16.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "QXEDMSZisv5SUXtJo7Fs5g==": { "id": "QXEDMSZisv5SUXtJo7Fs5g==", "name": "gpgme", "version": "1.13.1-12.el8", "kind": "binary", "source": { "id": "", "name": "gpgme", "version": "1.13.1-12.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "RKXYZTbYgViwzC05uqeDSg==": { "id": "RKXYZTbYgViwzC05uqeDSg==", "name": "io.github.stuartwdouglas.hacbs-test.simple:simple-jdk17", "version": "0.1.2", "kind": "binary", "source": { "id": "", "name": "", "version": "", "normalized_version": "", "cpe": "" }, "normalized_version": "", "cpe": "" }, "RRWuvyUdhwGbBo2a/Ra1hw==": { "id": "RRWuvyUdhwGbBo2a/Ra1hw==", "name": "libselinux", "version": "2.9-11.el8_10", "kind": "binary", "source": { "id": "", "name": "libselinux", "version": "2.9-11.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "RtrzwDgrQgu9S5B72s2sww==": { "id": "RtrzwDgrQgu9S5B72s2sww==", "name": "libunistring", "version": "0.9.9-3.el8", "kind": "binary", "source": { "id": "", "name": "libunistring", "version": "0.9.9-3.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "TARQvmsLVC/S1fQD1jO4Xw==": { "id": "TARQvmsLVC/S1fQD1jO4Xw==", "name": "gdbm-libs", "version": "1:1.18-2.el8", "kind": "binary", "source": { "id": "", "name": "gdbm", "version": "1.18-2.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "U3ZkYu9FoEzQITrVBlQtLA==": { "id": "U3ZkYu9FoEzQITrVBlQtLA==", "name": "glibc", "version": "2.28-251.el8_10.31", "kind": "binary", "source": { "id": "", "name": "glibc", "version": "2.28-251.el8_10.31", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "USWNn71p+k059dbiu5HDEA==": { "id": "USWNn71p+k059dbiu5HDEA==", "name": "libassuan", "version": "2.5.1-3.el8", "kind": "binary", "source": { "id": "", "name": "libassuan", "version": "2.5.1-3.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "UUZyda9G/ffvF6rJ5W1UnQ==": { "id": "UUZyda9G/ffvF6rJ5W1UnQ==", "name": "libstdc++", "version": "8.5.0-28.el8_10", "kind": "binary", "source": { "id": "", "name": "gcc", "version": "8.5.0-28.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "Vax934M9zGbzjdT3Y/XU9w==": { "id": "Vax934M9zGbzjdT3Y/XU9w==", "name": "glibc-minimal-langpack", "version": "2.28-251.el8_10.31", "kind": "binary", "source": { "id": "", "name": "glibc", "version": "2.28-251.el8_10.31", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "VrCmPwuY69qW5jl9ctxOZg==": { "id": "VrCmPwuY69qW5jl9ctxOZg==", "name": "libtirpc", "version": "1.1.4-12.el8_10", "kind": "binary", "source": { "id": "", "name": "libtirpc", "version": "1.1.4-12.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "W66WOQ3v6r7mSn6+o7gaew==": { "id": "W66WOQ3v6r7mSn6+o7gaew==", "name": "popt", "version": "1.18-1.el8", "kind": "binary", "source": { "id": "", "name": "popt", "version": "1.18-1.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "YjDcGmvP0/z8VqRiUvkhOQ==": { "id": "YjDcGmvP0/z8VqRiUvkhOQ==", "name": "gnupg2", "version": "2.2.20-4.el8_10", "kind": "binary", "source": { "id": "", "name": "gnupg2", "version": "2.2.20-4.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "Za0y7YiKRidyIBZNIzq/Ng==": { "id": "Za0y7YiKRidyIBZNIzq/Ng==", "name": "librepo", "version": "1.14.2-5.el8", "kind": "binary", "source": { "id": "", "name": "librepo", "version": "1.14.2-5.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "ar0do80Wlk1FaVvtx66g6Q==": { "id": "ar0do80Wlk1FaVvtx66g6Q==", "name": "brotli", "version": "1.0.6-4.el8_10", "kind": "binary", "source": { "id": "", "name": "brotli", "version": "1.0.6-4.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "auI8KtI6OozP7EAIr9UlQQ==": { "id": "auI8KtI6OozP7EAIr9UlQQ==", "name": "pcre2", "version": "10.32-3.el8_6", "kind": "binary", "source": { "id": "", "name": "pcre2", "version": "10.32-3.el8_6", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "bWUdPEYmtshwdmuX5VapfQ==": { "id": "bWUdPEYmtshwdmuX5VapfQ==", "name": "libblkid", "version": "2.32.1-48.el8_10", "kind": "binary", "source": { "id": "", "name": "util-linux", "version": "2.32.1-48.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "bmxL3lydQy0yU8g1iBgovg==": { "id": "bmxL3lydQy0yU8g1iBgovg==", "name": "libsepol", "version": "2.9-3.el8", "kind": "binary", "source": { "id": "", "name": "libsepol", "version": "2.9-3.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "cXCMP7NdkMDf1+Rb1IEktQ==": { "id": "cXCMP7NdkMDf1+Rb1IEktQ==", "name": "libsemanage", "version": "2.9-12.el8_10", "kind": "binary", "source": { "id": "", "name": "libsemanage", "version": "2.9-12.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "dOBT1Qffq44NOVuk9chDyg==": { "id": "dOBT1Qffq44NOVuk9chDyg==", "name": "readline", "version": "7.0-10.el8", "kind": "binary", "source": { "id": "", "name": "readline", "version": "7.0-10.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "dOwQwVL1NxmF6ouACZklrQ==": { "id": "dOwQwVL1NxmF6ouACZklrQ==", "name": "p11-kit-trust", "version": "0.23.22-2.el8", "kind": "binary", "source": { "id": "", "name": "p11-kit", "version": "0.23.22-2.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "dSjxsaDISLUiFwRTCSO8Tg==": { "id": "dSjxsaDISLUiFwRTCSO8Tg==", "name": "crypto-policies", "version": "20230731-1.git3177e06.el8", "kind": "binary", "source": { "id": "", "name": "crypto-policies", "version": "20230731-1.git3177e06.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "dtGaxafuhIU1Ppty914fJw==": { "id": "dtGaxafuhIU1Ppty914fJw==", "name": "nspr", "version": "4.36.0-2.el8_10", "kind": "binary", "source": { "id": "", "name": "nspr", "version": "4.36.0-2.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "eZ7CwFvwDCQu4vzKyuIZgA==": { "id": "eZ7CwFvwDCQu4vzKyuIZgA==", "name": "basesystem", "version": "11-5.el8", "kind": "binary", "source": { "id": "", "name": "basesystem", "version": "11-5.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "f/Al/eNlUhjEgKSV0J2z7w==": { "id": "f/Al/eNlUhjEgKSV0J2z7w==", "name": "python3-pip-wheel", "version": "9.0.3-24.el8", "kind": "binary", "source": { "id": "", "name": "python-pip", "version": "9.0.3-24.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "f1lteJj1IxLDbDb+BI8yjg==": { "id": "f1lteJj1IxLDbDb+BI8yjg==", "name": "ca-certificates", "version": "2025.2.80_v9.0.304-80.2.el8_10", "kind": "binary", "source": { "id": "", "name": "ca-certificates", "version": "2025.2.80_v9.0.304-80.2.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "g146nKetkX1f4hfH1b5RWA==": { "id": "g146nKetkX1f4hfH1b5RWA==", "name": "libdb", "version": "5.3.28-42.el8_4", "kind": "binary", "source": { "id": "", "name": "libdb", "version": "5.3.28-42.el8_4", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "gMqsUnRclTj6iuxHCslNRA==": { "id": "gMqsUnRclTj6iuxHCslNRA==", "name": "libdnf", "version": "0.63.0-21.el8_10", "kind": "binary", "source": { "id": "", "name": "libdnf", "version": "0.63.0-21.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "gOaN4treTmKK7tU+N6AZ1w==": { "id": "gOaN4treTmKK7tU+N6AZ1w==", "name": "pcre", "version": "8.42-6.el8", "kind": "binary", "source": { "id": "", "name": "pcre", "version": "8.42-6.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "gtbMsmX05ZWh+bkM1Wprlw==": { "id": "gtbMsmX05ZWh+bkM1Wprlw==", "name": "bash", "version": "4.4.20-6.el8_10", "kind": "binary", "source": { "id": "", "name": "bash", "version": "4.4.20-6.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "h53SWWmMQUh4cLyBmYeNvw==": { "id": "h53SWWmMQUh4cLyBmYeNvw==", "name": "avahi-libs", "version": "0.7-27.el8_10.1", "kind": "binary", "source": { "id": "", "name": "avahi", "version": "0.7-27.el8_10.1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "hSTTMcRX1DBcXc+8jKeg3Q==": { "id": "hSTTMcRX1DBcXc+8jKeg3Q==", "name": "libgcc", "version": "8.5.0-28.el8_10", "kind": "binary", "source": { "id": "", "name": "gcc", "version": "8.5.0-28.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "hcJqCsCpWm+XI9JT6ImS5g==": { "id": "hcJqCsCpWm+XI9JT6ImS5g==", "name": "nettle", "version": "3.4.1-7.el8", "kind": "binary", "source": { "id": "", "name": "nettle", "version": "3.4.1-7.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "iKjky3d+XDnwdlXfvLvp/A==": { "id": "iKjky3d+XDnwdlXfvLvp/A==", "name": "python3-libs", "version": "3.6.8-76.el8_10", "kind": "binary", "source": { "id": "", "name": "python3", "version": "3.6.8-76.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "isPl2YxnCTfcLmUYH6Q0sA==": { "id": "isPl2YxnCTfcLmUYH6Q0sA==", "name": "libuuid", "version": "2.32.1-48.el8_10", "kind": "binary", "source": { "id": "", "name": "util-linux", "version": "2.32.1-48.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "j5YRt82iOHry4ndSyCLgaA==": { "id": "j5YRt82iOHry4ndSyCLgaA==", "name": "cups-libs", "version": "1:2.2.6-67.el8_10", "kind": "binary", "source": { "id": "", "name": "cups", "version": "2.2.6-67.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "jmNxyfDM4IV/F4mrfNTfyg==": { "id": "jmNxyfDM4IV/F4mrfNTfyg==", "name": "setup", "version": "2.12.2-9.el8", "kind": "binary", "source": { "id": "", "name": "setup", "version": "2.12.2-9.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "jtdCxL/eH5JTPcKstKunJg==": { "id": "jtdCxL/eH5JTPcKstKunJg==", "name": "grep", "version": "3.1-6.el8", "kind": "binary", "source": { "id": "", "name": "grep", "version": "3.1-6.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "k/BpvWmZ5EVfmiPqpZ3pGw==": { "id": "k/BpvWmZ5EVfmiPqpZ3pGw==", "name": "expat", "version": "2.5.0-1.el8_10", "kind": "binary", "source": { "id": "", "name": "expat", "version": "2.5.0-1.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "k4gCNgIfg7MM/e42ThRx2w==": { "id": "k4gCNgIfg7MM/e42ThRx2w==", "name": "libzstd", "version": "1.4.4-1.el8", "kind": "binary", "source": { "id": "", "name": "zstd", "version": "1.4.4-1.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "kup9SZcgg13wnbXIW3GyJA==": { "id": "kup9SZcgg13wnbXIW3GyJA==", "name": "openjdk-17-runtime-ubi8-container", "version": "1.23-4.1777859697", "kind": "source", "source": { "id": "", "name": "", "version": "", "normalized_version": "", "cpe": "" }, "normalized_version": "rhctag:1.23.0.0.0.0.0.0.0.0", "arch": "x86_64", "cpe": "" }, "kwc9NYOQig+qWs5qmBRL/w==": { "id": "kwc9NYOQig+qWs5qmBRL/w==", "name": "ncurses-libs", "version": "6.1-10.20180224.el8", "kind": "binary", "source": { "id": "", "name": "ncurses", "version": "6.1-10.20180224.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "lEFbOzBTlWwCqC/ZbjJfgQ==": { "id": "lEFbOzBTlWwCqC/ZbjJfgQ==", "name": "python3-setuptools-wheel", "version": "39.2.0-9.el8_10", "kind": "binary", "source": { "id": "", "name": "python-setuptools", "version": "39.2.0-9.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "lU0MYRg2dg5wynl2dMGsgA==": { "id": "lU0MYRg2dg5wynl2dMGsgA==", "name": "xz-libs", "version": "5.2.4-4.el8_6", "kind": "binary", "source": { "id": "", "name": "xz", "version": "5.2.4-4.el8_6", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "mAmp7BtGrfzV0HnAKw9sTw==": { "id": "mAmp7BtGrfzV0HnAKw9sTw==", "name": "libsigsegv", "version": "2.11-5.el8", "kind": "binary", "source": { "id": "", "name": "libsigsegv", "version": "2.11-5.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "mLwCNKs2wEtLWAiibtR4BQ==": { "id": "mLwCNKs2wEtLWAiibtR4BQ==", "name": "microdnf", "version": "3.8.0-2.el8", "kind": "binary", "source": { "id": "", "name": "microdnf", "version": "3.8.0-2.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "mkpeQMTn6iNiF+ShBe+oZg==": { "id": "mkpeQMTn6iNiF+ShBe+oZg==", "name": "libverto", "version": "0.3.2-2.el8", "kind": "binary", "source": { "id": "", "name": "libverto", "version": "0.3.2-2.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "mtrWxjnWyzrIFOuHVeUG6g==": { "id": "mtrWxjnWyzrIFOuHVeUG6g==", "name": "tar", "version": "2:1.30-11.el8_10", "kind": "binary", "source": { "id": "", "name": "tar", "version": "1.30-11.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "nDtLoMnkuhspYDn7NZEcjw==": { "id": "nDtLoMnkuhspYDn7NZEcjw==", "name": "findutils", "version": "1:4.6.0-24.el8_10", "kind": "binary", "source": { "id": "", "name": "findutils", "version": "4.6.0-24.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "o4v1nyEgxKUJdf78CSzLEg==": { "id": "o4v1nyEgxKUJdf78CSzLEg==", "name": "libgpg-error", "version": "1.31-1.el8", "kind": "binary", "source": { "id": "", "name": "libgpg-error", "version": "1.31-1.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "oPxhGBL0xk+N4XwwxvflAQ==": { "id": "oPxhGBL0xk+N4XwwxvflAQ==", "name": "redhat-release", "version": "8.10-0.3.el8", "kind": "binary", "source": { "id": "", "name": "redhat-release", "version": "8.10-0.3.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "oSDtB9GflLljTYeOAikyIQ==": { "id": "oSDtB9GflLljTYeOAikyIQ==", "name": "glib2", "version": "2.56.4-168.el8_10", "kind": "binary", "source": { "id": "", "name": "glib2", "version": "2.56.4-168.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "oUYls//IDfQ4QSLGKlUoZg==": { "id": "oUYls//IDfQ4QSLGKlUoZg==", "name": "systemd-libs", "version": "239-82.el8_10.16", "kind": "binary", "source": { "id": "", "name": "systemd", "version": "239-82.el8_10.16", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "p9tXHgTBVU/b3sTnwfubzg==": { "id": "p9tXHgTBVU/b3sTnwfubzg==", "name": "libdb-utils", "version": "5.3.28-42.el8_4", "kind": "binary", "source": { "id": "", "name": "libdb", "version": "5.3.28-42.el8_4", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "pY2NT/GP1UxyOuAl2rKgCw==": { "id": "pY2NT/GP1UxyOuAl2rKgCw==", "name": "npth", "version": "1.5-4.el8", "kind": "binary", "source": { "id": "", "name": "npth", "version": "1.5-4.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "peUaHHW4E9Y6Nd8+gJR5cQ==": { "id": "peUaHHW4E9Y6Nd8+gJR5cQ==", "name": "libssh-config", "version": "0.9.6-16.el8_10", "kind": "binary", "source": { "id": "", "name": "libssh", "version": "0.9.6-16.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "pp9zZ0tBoevZ/s15eFRL8g==": { "id": "pp9zZ0tBoevZ/s15eFRL8g==", "name": "libacl", "version": "2.2.53-3.el8", "kind": "binary", "source": { "id": "", "name": "acl", "version": "2.2.53-3.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "q4X/5GGPJSNoqWY61ewdVA==": { "id": "q4X/5GGPJSNoqWY61ewdVA==", "name": "tzdata-java", "version": "2026a-1.el8", "kind": "binary", "source": { "id": "", "name": "tzdata", "version": "2026a-1.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "qdszmGofYYLyezIthPq1jw==": { "id": "qdszmGofYYLyezIthPq1jw==", "name": "ubi8/openjdk-17-runtime", "version": "1.23-4.1777859697", "kind": "binary", "source": { "id": "kup9SZcgg13wnbXIW3GyJA==", "name": "openjdk-17-runtime-ubi8-container", "version": "1.23-4.1777859697", "kind": "source", "source": { "id": "", "name": "", "version": "", "normalized_version": "", "cpe": "" }, "normalized_version": "rhctag:1.23.0.0.0.0.0.0.0.0", "arch": "x86_64", "cpe": "" }, "normalized_version": "rhctag:1.23.0.0.0.0.0.0.0.0", "arch": "x86_64", "cpe": "" }, "r23nOnTJvuvXzj0P21ldlw==": { "id": "r23nOnTJvuvXzj0P21ldlw==", "name": "rpm-libs", "version": "4.14.3-32.el8_10", "kind": "binary", "source": { "id": "", "name": "rpm", "version": "4.14.3-32.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "rFsA2fU/SFo3JGOkxRURTQ==": { "id": "rFsA2fU/SFo3JGOkxRURTQ==", "name": "keyutils-libs", "version": "1.5.10-9.el8", "kind": "binary", "source": { "id": "", "name": "keyutils", "version": "1.5.10-9.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "sMrsZHOrW8FfprPHZo6Jww==": { "id": "sMrsZHOrW8FfprPHZo6Jww==", "name": "libmodulemd", "version": "2.13.0-1.el8", "kind": "binary", "source": { "id": "", "name": "libmodulemd", "version": "2.13.0-1.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "sUhkiUesE2DHTU1IF7t+tw==": { "id": "sUhkiUesE2DHTU1IF7t+tw==", "name": "platform-python-setuptools", "version": "39.2.0-9.el8_10", "kind": "binary", "source": { "id": "", "name": "python-setuptools", "version": "39.2.0-9.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "trIX86+UkjuJsaeYfHvnYw==": { "id": "trIX86+UkjuJsaeYfHvnYw==", "name": "libnghttp2", "version": "1.33.0-6.el8_10.2", "kind": "binary", "source": { "id": "", "name": "nghttp2", "version": "1.33.0-6.el8_10.2", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "u25cfo+Wn6RpzVY/kgcoGQ==": { "id": "u25cfo+Wn6RpzVY/kgcoGQ==", "name": "lksctp-tools", "version": "1.0.18-3.el8", "kind": "binary", "source": { "id": "", "name": "lksctp-tools", "version": "1.0.18-3.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "uAJuv5cA4XPhcDfjrdFI9w==": { "id": "uAJuv5cA4XPhcDfjrdFI9w==", "name": "javapackages-filesystem", "version": "5.3.0-1.module+el8+2447+6f56d9a6", "kind": "binary", "source": { "id": "", "name": "javapackages-tools", "version": "5.3.0-1.module+el8+2447+6f56d9a6", "kind": "source", "normalized_version": "", "module": "javapackages-runtime:201801", "cpe": "" }, "normalized_version": "", "module": "javapackages-runtime:201801", "arch": "noarch", "cpe": "" }, "uCw7c1p0VzVV36rFL2/j4Q==": { "id": "uCw7c1p0VzVV36rFL2/j4Q==", "name": "bzip2-libs", "version": "1.0.6-28.el8_10", "kind": "binary", "source": { "id": "", "name": "bzip2", "version": "1.0.6-28.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "v/KoDsdxOHqLHd7du8yyWQ==": { "id": "v/KoDsdxOHqLHd7du8yyWQ==", "name": "lua-libs", "version": "5.3.4-12.el8", "kind": "binary", "source": { "id": "", "name": "lua", "version": "5.3.4-12.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "wQNSAAyfpn1pixah4j5PmA==": { "id": "wQNSAAyfpn1pixah4j5PmA==", "name": "platform-python", "version": "3.6.8-76.el8_10", "kind": "binary", "source": { "id": "", "name": "python3", "version": "3.6.8-76.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "wQToP4WURQ4/A8LQU1k5kA==": { "id": "wQToP4WURQ4/A8LQU1k5kA==", "name": "langpacks-en", "version": "1.0-12.el8", "kind": "binary", "source": { "id": "", "name": "langpacks", "version": "1.0-12.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "wiX2z3C4urSDsP+bIajgNg==": { "id": "wiX2z3C4urSDsP+bIajgNg==", "name": "io.github.stuartwdouglas.hacbs-test.shaded:shaded-jdk11", "version": "1.9", "kind": "binary", "source": { "id": "", "name": "", "version": "", "normalized_version": "", "cpe": "" }, "normalized_version": "", "cpe": "" }, "wpJmhjYJz5TYuh0mbRPs4Q==": { "id": "wpJmhjYJz5TYuh0mbRPs4Q==", "name": "info", "version": "6.5-7.el8", "kind": "binary", "source": { "id": "", "name": "texinfo", "version": "6.5-7.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "xDLbw0lNdZ2pSj9R8k9t6A==": { "id": "xDLbw0lNdZ2pSj9R8k9t6A==", "name": "copy-jdk-configs", "version": "4.0-2.el8", "kind": "binary", "source": { "id": "", "name": "copy-jdk-configs", "version": "4.0-2.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "xTF9l16G3x26txeCsO9Bug==": { "id": "xTF9l16G3x26txeCsO9Bug==", "name": "json-glib", "version": "1.4.4-1.el8", "kind": "binary", "source": { "id": "", "name": "json-glib", "version": "1.4.4-1.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "xY/gcEds28iVWCynxOCw9g==": { "id": "xY/gcEds28iVWCynxOCw9g==", "name": "libcom_err", "version": "1.45.6-7.el8_10", "kind": "binary", "source": { "id": "", "name": "e2fsprogs", "version": "1.45.6-7.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "xvIYCTeML23osZxD1kFItQ==": { "id": "xvIYCTeML23osZxD1kFItQ==", "name": "lua", "version": "5.3.4-12.el8", "kind": "binary", "source": { "id": "", "name": "lua", "version": "5.3.4-12.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "zAReYdYoHUkp8wr8i3SW2g==": { "id": "zAReYdYoHUkp8wr8i3SW2g==", "name": "libffi", "version": "3.1-24.el8", "kind": "binary", "source": { "id": "", "name": "libffi", "version": "3.1-24.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "zdqdBY2jg/Zs374g8Ylc6g==": { "id": "zdqdBY2jg/Zs374g8Ylc6g==", "name": "libcap", "version": "2.48-6.el8_10.1", "kind": "binary", "source": { "id": "", "name": "libcap", "version": "2.48-6.el8_10.1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" } }, "distributions": { "ce03cd51-de99-4601-bdf1-a5210749c9ff": { "id": "ce03cd51-de99-4601-bdf1-a5210749c9ff", "did": "rhel", "name": "Red Hat Enterprise Linux Server", "version": "8", "version_code_name": "", "version_id": "8", "arch": "", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "pretty_name": "Red Hat Enterprise Linux Server 8" } }, "repository": { "530ba96a-bc29-49e0-be1f-43cde55828e5": { "id": "530ba96a-bc29-49e0-be1f-43cde55828e5", "name": "cpe:/o:redhat:enterprise_linux:8::baseos", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*" }, "7f7e0681-2ce5-4840-b11c-103ed273588f": { "id": "7f7e0681-2ce5-4840-b11c-103ed273588f", "name": "Red Hat Container Catalog", "uri": "https://catalog.redhat.com/software/containers/explore", "cpe": "" }, "ac74a291-0c9c-4088-b4a6-dcee240190f1": { "id": "ac74a291-0c9c-4088-b4a6-dcee240190f1", "name": "cpe:/a:redhat:enterprise_linux:8::appstream", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*" }, "b2bc39b2-8161-4b0e-8b0b-549f7dee4b54": { "id": "b2bc39b2-8161-4b0e-8b0b-549f7dee4b54", "name": "maven", "uri": "https://repo1.maven.apache.org/maven2", "cpe": "" }, "e5eec09a-ace7-4aae-81b7-3a227580d7a8": { "id": "e5eec09a-ace7-4aae-81b7-3a227580d7a8", "name": "cpe:/a:redhat:enterprise_linux:8::appstream", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*" }, "f40841b9-ddbb-4d5e-a143-16a34310963e": { "id": "f40841b9-ddbb-4d5e-a143-16a34310963e", "name": "cpe:/o:redhat:enterprise_linux:8::baseos", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*" } }, "environments": { "+XM+s3niWaEk1U5jnR5DpA==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "ce03cd51-de99-4601-bdf1-a5210749c9ff", "repository_ids": [ "ac74a291-0c9c-4088-b4a6-dcee240190f1", "f40841b9-ddbb-4d5e-a143-16a34310963e" ] } ], "+Xr7HyTxXf0c8jLaUyo3xA==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "ce03cd51-de99-4601-bdf1-a5210749c9ff", "repository_ids": [ "ac74a291-0c9c-4088-b4a6-dcee240190f1", "f40841b9-ddbb-4d5e-a143-16a34310963e" ] } ], "+hvIC0Et/RtHi7EAFCmfEw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "ce03cd51-de99-4601-bdf1-a5210749c9ff", "repository_ids": [ "ac74a291-0c9c-4088-b4a6-dcee240190f1", "f40841b9-ddbb-4d5e-a143-16a34310963e" ] } ], "+qrxjVH7Im8eBfrz4h4P/w==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:8dbc54dd3ba8deb60962e0faf1bcd1d23c09867cffbce92e091a1094578f09fc", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:8dbc54dd3ba8deb60962e0faf1bcd1d23c09867cffbce92e091a1094578f09fc", "distribution_id": "ce03cd51-de99-4601-bdf1-a5210749c9ff", "repository_ids": [ "530ba96a-bc29-49e0-be1f-43cde55828e5", "e5eec09a-ace7-4aae-81b7-3a227580d7a8" ] } ], "1gormAsAjMuks2JveQRd0Q==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "ce03cd51-de99-4601-bdf1-a5210749c9ff", "repository_ids": [ "ac74a291-0c9c-4088-b4a6-dcee240190f1", "f40841b9-ddbb-4d5e-a143-16a34310963e" ] } ], "22yBCZl99yVP86UHT7jTdw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "ce03cd51-de99-4601-bdf1-a5210749c9ff", "repository_ids": [ "ac74a291-0c9c-4088-b4a6-dcee240190f1", "f40841b9-ddbb-4d5e-a143-16a34310963e" ] } ], "2gKctomQ2vBMxlyAOjcc7g==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "ce03cd51-de99-4601-bdf1-a5210749c9ff", "repository_ids": [ "ac74a291-0c9c-4088-b4a6-dcee240190f1", "f40841b9-ddbb-4d5e-a143-16a34310963e" ] } ], "3+d+oaGDGj9g2+1RFZjY5A==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "ce03cd51-de99-4601-bdf1-a5210749c9ff", "repository_ids": [ "ac74a291-0c9c-4088-b4a6-dcee240190f1", "f40841b9-ddbb-4d5e-a143-16a34310963e" ] } ], "3OVNevSm98h4f1fmX4IZwQ==": [ { "package_db": "maven:deployments/hacbs-test.jar", "introduced_in": "sha256:d031cc16aea3b64aacb2a7708ab1848cb043522f43a5b870f4da927b19c2d4ce", "distribution_id": "", "repository_ids": [ "b2bc39b2-8161-4b0e-8b0b-549f7dee4b54" ] } ], "3jI2apoRMNGhHa141Q5dlQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "ce03cd51-de99-4601-bdf1-a5210749c9ff", "repository_ids": [ "ac74a291-0c9c-4088-b4a6-dcee240190f1", "f40841b9-ddbb-4d5e-a143-16a34310963e" ] } ], "3uSX4NgBxQvC8LEk48QoOQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "ce03cd51-de99-4601-bdf1-a5210749c9ff", "repository_ids": [ "ac74a291-0c9c-4088-b4a6-dcee240190f1", "f40841b9-ddbb-4d5e-a143-16a34310963e" ] } ], "45rvgYmy022Tx6fVWfking==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "ce03cd51-de99-4601-bdf1-a5210749c9ff", "repository_ids": [ "ac74a291-0c9c-4088-b4a6-dcee240190f1", "f40841b9-ddbb-4d5e-a143-16a34310963e" ] } ], "47OMpR7yEmE4lttsyWq3fw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "ce03cd51-de99-4601-bdf1-a5210749c9ff", "repository_ids": [ "ac74a291-0c9c-4088-b4a6-dcee240190f1", "f40841b9-ddbb-4d5e-a143-16a34310963e" ] } ], "4ZgMXaHDWnwPnqKlcJzEIw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "ce03cd51-de99-4601-bdf1-a5210749c9ff", "repository_ids": [ "ac74a291-0c9c-4088-b4a6-dcee240190f1", "f40841b9-ddbb-4d5e-a143-16a34310963e" ] } ], "4flTdmUV4iK1Ax+LXJm8qQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "ce03cd51-de99-4601-bdf1-a5210749c9ff", "repository_ids": [ "ac74a291-0c9c-4088-b4a6-dcee240190f1", "f40841b9-ddbb-4d5e-a143-16a34310963e" ] } ], "4mBaAtvqw4Xnt3KyHa6xnQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:8dbc54dd3ba8deb60962e0faf1bcd1d23c09867cffbce92e091a1094578f09fc", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:8dbc54dd3ba8deb60962e0faf1bcd1d23c09867cffbce92e091a1094578f09fc", "distribution_id": "ce03cd51-de99-4601-bdf1-a5210749c9ff", "repository_ids": [ "530ba96a-bc29-49e0-be1f-43cde55828e5", "e5eec09a-ace7-4aae-81b7-3a227580d7a8" ] } ], "4sG4bBloak5Sz907ZDRs6Q==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:8dbc54dd3ba8deb60962e0faf1bcd1d23c09867cffbce92e091a1094578f09fc", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:8dbc54dd3ba8deb60962e0faf1bcd1d23c09867cffbce92e091a1094578f09fc", "distribution_id": "ce03cd51-de99-4601-bdf1-a5210749c9ff", "repository_ids": [ "530ba96a-bc29-49e0-be1f-43cde55828e5", "e5eec09a-ace7-4aae-81b7-3a227580d7a8" ] } ], "5U8sNbKx0xZsaHcVt4MmxA==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "ce03cd51-de99-4601-bdf1-a5210749c9ff", "repository_ids": [ "ac74a291-0c9c-4088-b4a6-dcee240190f1", "f40841b9-ddbb-4d5e-a143-16a34310963e" ] } ], "67DLnC895xbDFuD3MGhCtQ==": [ { "package_db": "maven:deployments/hacbs-test.jar", "introduced_in": "sha256:d031cc16aea3b64aacb2a7708ab1848cb043522f43a5b870f4da927b19c2d4ce", "distribution_id": "", "repository_ids": [ "b2bc39b2-8161-4b0e-8b0b-549f7dee4b54" ] } ], "7eg89eCgA75bJ7WhhN/T4Q==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "ce03cd51-de99-4601-bdf1-a5210749c9ff", "repository_ids": [ "ac74a291-0c9c-4088-b4a6-dcee240190f1", "f40841b9-ddbb-4d5e-a143-16a34310963e" ] } ], "9uhqFNTCJ7/bpzSlc7qCaQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "ce03cd51-de99-4601-bdf1-a5210749c9ff", "repository_ids": [ "ac74a291-0c9c-4088-b4a6-dcee240190f1", "f40841b9-ddbb-4d5e-a143-16a34310963e" ] } ], "ACY3djwkey7ZIXbd0V+Giw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:8dbc54dd3ba8deb60962e0faf1bcd1d23c09867cffbce92e091a1094578f09fc", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:8dbc54dd3ba8deb60962e0faf1bcd1d23c09867cffbce92e091a1094578f09fc", "distribution_id": "ce03cd51-de99-4601-bdf1-a5210749c9ff", "repository_ids": [ "530ba96a-bc29-49e0-be1f-43cde55828e5", "e5eec09a-ace7-4aae-81b7-3a227580d7a8" ] } ], "AIs6pmCup5N9+6Ag6e2/og==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "ce03cd51-de99-4601-bdf1-a5210749c9ff", "repository_ids": [ "ac74a291-0c9c-4088-b4a6-dcee240190f1", "f40841b9-ddbb-4d5e-a143-16a34310963e" ] } ], "AuC6XQzcU/5tB4luIfjLFg==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "ce03cd51-de99-4601-bdf1-a5210749c9ff", "repository_ids": [ "ac74a291-0c9c-4088-b4a6-dcee240190f1", "f40841b9-ddbb-4d5e-a143-16a34310963e" ] } ], "AziZ1oGI+oDXVPzldKNj+w==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "ce03cd51-de99-4601-bdf1-a5210749c9ff", "repository_ids": [ "ac74a291-0c9c-4088-b4a6-dcee240190f1", "f40841b9-ddbb-4d5e-a143-16a34310963e" ] } ], "BPsD0kkdIoK3KQUZ5DpJjw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:8dbc54dd3ba8deb60962e0faf1bcd1d23c09867cffbce92e091a1094578f09fc", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:8dbc54dd3ba8deb60962e0faf1bcd1d23c09867cffbce92e091a1094578f09fc", "distribution_id": "ce03cd51-de99-4601-bdf1-a5210749c9ff", "repository_ids": [ "530ba96a-bc29-49e0-be1f-43cde55828e5", "e5eec09a-ace7-4aae-81b7-3a227580d7a8" ] } ], "BmK1zIjr5KsuOODCYwxRCw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "ce03cd51-de99-4601-bdf1-a5210749c9ff", "repository_ids": [ "ac74a291-0c9c-4088-b4a6-dcee240190f1", "f40841b9-ddbb-4d5e-a143-16a34310963e" ] } ], "CP6fmHsRon29d9dGmAC8yQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:8dbc54dd3ba8deb60962e0faf1bcd1d23c09867cffbce92e091a1094578f09fc", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:8dbc54dd3ba8deb60962e0faf1bcd1d23c09867cffbce92e091a1094578f09fc", "distribution_id": "ce03cd51-de99-4601-bdf1-a5210749c9ff", "repository_ids": [ "530ba96a-bc29-49e0-be1f-43cde55828e5", "e5eec09a-ace7-4aae-81b7-3a227580d7a8" ] } ], "CbqHQON08ZsUvPS9XDaTFA==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "ce03cd51-de99-4601-bdf1-a5210749c9ff", "repository_ids": [ "ac74a291-0c9c-4088-b4a6-dcee240190f1", "f40841b9-ddbb-4d5e-a143-16a34310963e" ] } ], "Cklbj7Y2kf3vqxqc0m1GHQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "ce03cd51-de99-4601-bdf1-a5210749c9ff", "repository_ids": [ "ac74a291-0c9c-4088-b4a6-dcee240190f1", "f40841b9-ddbb-4d5e-a143-16a34310963e" ] } ], "D/ASdBsgxLNlG5Q8U7UPsQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "ce03cd51-de99-4601-bdf1-a5210749c9ff", "repository_ids": [ "ac74a291-0c9c-4088-b4a6-dcee240190f1", "f40841b9-ddbb-4d5e-a143-16a34310963e" ] } ], "D9iJYSwBt2n6JCuuNo2fKg==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "ce03cd51-de99-4601-bdf1-a5210749c9ff", "repository_ids": [ "ac74a291-0c9c-4088-b4a6-dcee240190f1", "f40841b9-ddbb-4d5e-a143-16a34310963e" ] } ], "DV119Dw0W4RdsbJkdoHU9w==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "ce03cd51-de99-4601-bdf1-a5210749c9ff", "repository_ids": [ "ac74a291-0c9c-4088-b4a6-dcee240190f1", "f40841b9-ddbb-4d5e-a143-16a34310963e" ] } ], "DgyhtZBcSIlVmY6xC8s1mA==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "ce03cd51-de99-4601-bdf1-a5210749c9ff", "repository_ids": [ "ac74a291-0c9c-4088-b4a6-dcee240190f1", "f40841b9-ddbb-4d5e-a143-16a34310963e" ] } ], "Dmgfuk4/ZGW2Pjrf3pzOwg==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:8dbc54dd3ba8deb60962e0faf1bcd1d23c09867cffbce92e091a1094578f09fc", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:8dbc54dd3ba8deb60962e0faf1bcd1d23c09867cffbce92e091a1094578f09fc", "distribution_id": "ce03cd51-de99-4601-bdf1-a5210749c9ff", "repository_ids": [ "530ba96a-bc29-49e0-be1f-43cde55828e5", "e5eec09a-ace7-4aae-81b7-3a227580d7a8" ] } ], "EiNiLT8ulizCzEWcybhizQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "ce03cd51-de99-4601-bdf1-a5210749c9ff", "repository_ids": [ "ac74a291-0c9c-4088-b4a6-dcee240190f1", "f40841b9-ddbb-4d5e-a143-16a34310963e" ] } ], "F7AOP7tK5AfUXV1g9iTzFA==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "ce03cd51-de99-4601-bdf1-a5210749c9ff", "repository_ids": [ "ac74a291-0c9c-4088-b4a6-dcee240190f1", "f40841b9-ddbb-4d5e-a143-16a34310963e" ] } ], "FS5/DAbDsXWURU9onlACPA==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:8dbc54dd3ba8deb60962e0faf1bcd1d23c09867cffbce92e091a1094578f09fc", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:8dbc54dd3ba8deb60962e0faf1bcd1d23c09867cffbce92e091a1094578f09fc", "distribution_id": "ce03cd51-de99-4601-bdf1-a5210749c9ff", "repository_ids": [ "530ba96a-bc29-49e0-be1f-43cde55828e5", "e5eec09a-ace7-4aae-81b7-3a227580d7a8" ] } ], "G+gX+j4AbiCorxKiF1UojA==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "ce03cd51-de99-4601-bdf1-a5210749c9ff", "repository_ids": [ "ac74a291-0c9c-4088-b4a6-dcee240190f1", "f40841b9-ddbb-4d5e-a143-16a34310963e" ] } ], "GLKhGblbPbPbtDKwfpCv5A==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "ce03cd51-de99-4601-bdf1-a5210749c9ff", "repository_ids": [ "ac74a291-0c9c-4088-b4a6-dcee240190f1", "f40841b9-ddbb-4d5e-a143-16a34310963e" ] } ], "Gg1Q6hponuT1eSJHwaJ83w==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "ce03cd51-de99-4601-bdf1-a5210749c9ff", "repository_ids": [ "ac74a291-0c9c-4088-b4a6-dcee240190f1", "f40841b9-ddbb-4d5e-a143-16a34310963e" ] } ], "HMIoZ/TKrKhxI1rD26qmpw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "ce03cd51-de99-4601-bdf1-a5210749c9ff", "repository_ids": [ "ac74a291-0c9c-4088-b4a6-dcee240190f1", "f40841b9-ddbb-4d5e-a143-16a34310963e" ] } ], "IzLcxZDtcvtJR5Gwdq9HDg==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "ce03cd51-de99-4601-bdf1-a5210749c9ff", "repository_ids": [ "ac74a291-0c9c-4088-b4a6-dcee240190f1", "f40841b9-ddbb-4d5e-a143-16a34310963e" ] } ], "J34PJ2GThOWZuKVgFIoieA==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "ce03cd51-de99-4601-bdf1-a5210749c9ff", "repository_ids": [ "ac74a291-0c9c-4088-b4a6-dcee240190f1", "f40841b9-ddbb-4d5e-a143-16a34310963e" ] } ], "JNDNKhJbFTSevs7EALfE9A==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "ce03cd51-de99-4601-bdf1-a5210749c9ff", "repository_ids": [ "ac74a291-0c9c-4088-b4a6-dcee240190f1", "f40841b9-ddbb-4d5e-a143-16a34310963e" ] } ], "KYSXsdsObSOPb3/iOOdbDw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:8dbc54dd3ba8deb60962e0faf1bcd1d23c09867cffbce92e091a1094578f09fc", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:8dbc54dd3ba8deb60962e0faf1bcd1d23c09867cffbce92e091a1094578f09fc", "distribution_id": "ce03cd51-de99-4601-bdf1-a5210749c9ff", "repository_ids": [ "530ba96a-bc29-49e0-be1f-43cde55828e5", "e5eec09a-ace7-4aae-81b7-3a227580d7a8" ] } ], "LXiVkIlXLq/usMYIwCTH8Q==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "ce03cd51-de99-4601-bdf1-a5210749c9ff", "repository_ids": [ "ac74a291-0c9c-4088-b4a6-dcee240190f1", "f40841b9-ddbb-4d5e-a143-16a34310963e" ] } ], "LkoLKEri5dIAb0vFMkSOag==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "ce03cd51-de99-4601-bdf1-a5210749c9ff", "repository_ids": [ "ac74a291-0c9c-4088-b4a6-dcee240190f1", "f40841b9-ddbb-4d5e-a143-16a34310963e" ] } ], "MA5xnJmwv4AJZhc2768UiA==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "ce03cd51-de99-4601-bdf1-a5210749c9ff", "repository_ids": [ "ac74a291-0c9c-4088-b4a6-dcee240190f1", "f40841b9-ddbb-4d5e-a143-16a34310963e" ] } ], "N1RbIRo2SyHosQefv+skDw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "ce03cd51-de99-4601-bdf1-a5210749c9ff", "repository_ids": [ "ac74a291-0c9c-4088-b4a6-dcee240190f1", "f40841b9-ddbb-4d5e-a143-16a34310963e" ] } ], "N3ZaMrNJKoumMpaY0smlMQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "ce03cd51-de99-4601-bdf1-a5210749c9ff", "repository_ids": [ "ac74a291-0c9c-4088-b4a6-dcee240190f1", "f40841b9-ddbb-4d5e-a143-16a34310963e" ] } ], "N5EuVcX6TPHBo7OPtax5uA==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:8dbc54dd3ba8deb60962e0faf1bcd1d23c09867cffbce92e091a1094578f09fc", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:8dbc54dd3ba8deb60962e0faf1bcd1d23c09867cffbce92e091a1094578f09fc", "distribution_id": "ce03cd51-de99-4601-bdf1-a5210749c9ff", "repository_ids": [ "530ba96a-bc29-49e0-be1f-43cde55828e5", "e5eec09a-ace7-4aae-81b7-3a227580d7a8" ] } ], "NJbhst8VIOwst++ZzRP6tA==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "ce03cd51-de99-4601-bdf1-a5210749c9ff", "repository_ids": [ "ac74a291-0c9c-4088-b4a6-dcee240190f1", "f40841b9-ddbb-4d5e-a143-16a34310963e" ] } ], "NguWV8S6YQYvQsGQDJm2Rg==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "ce03cd51-de99-4601-bdf1-a5210749c9ff", "repository_ids": [ "ac74a291-0c9c-4088-b4a6-dcee240190f1", "f40841b9-ddbb-4d5e-a143-16a34310963e" ] } ], "NsvPyDc//39XTuXcn3j2uQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:8dbc54dd3ba8deb60962e0faf1bcd1d23c09867cffbce92e091a1094578f09fc", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:8dbc54dd3ba8deb60962e0faf1bcd1d23c09867cffbce92e091a1094578f09fc", "distribution_id": "ce03cd51-de99-4601-bdf1-a5210749c9ff", "repository_ids": [ "530ba96a-bc29-49e0-be1f-43cde55828e5", "e5eec09a-ace7-4aae-81b7-3a227580d7a8" ] } ], "ORsDK2A5479NPB0r01PoXQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "ce03cd51-de99-4601-bdf1-a5210749c9ff", "repository_ids": [ "ac74a291-0c9c-4088-b4a6-dcee240190f1", "f40841b9-ddbb-4d5e-a143-16a34310963e" ] } ], "P5Se4zJpr8ZUwZNUojfuzA==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "ce03cd51-de99-4601-bdf1-a5210749c9ff", "repository_ids": [ "ac74a291-0c9c-4088-b4a6-dcee240190f1", "f40841b9-ddbb-4d5e-a143-16a34310963e" ] } ], "P5UTXxqhA6R98OWY7h85rQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "ce03cd51-de99-4601-bdf1-a5210749c9ff", "repository_ids": [ "ac74a291-0c9c-4088-b4a6-dcee240190f1", "f40841b9-ddbb-4d5e-a143-16a34310963e" ] } ], "PYGQE1Mr52aqIP4tEB4VSw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:8dbc54dd3ba8deb60962e0faf1bcd1d23c09867cffbce92e091a1094578f09fc", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:8dbc54dd3ba8deb60962e0faf1bcd1d23c09867cffbce92e091a1094578f09fc", "distribution_id": "ce03cd51-de99-4601-bdf1-a5210749c9ff", "repository_ids": [ "530ba96a-bc29-49e0-be1f-43cde55828e5", "e5eec09a-ace7-4aae-81b7-3a227580d7a8" ] } ], "Q0uPb/t/3IQ8GEwlv/J3Cw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "ce03cd51-de99-4601-bdf1-a5210749c9ff", "repository_ids": [ "ac74a291-0c9c-4088-b4a6-dcee240190f1", "f40841b9-ddbb-4d5e-a143-16a34310963e" ] } ], "QC6e3OaV78mjs678tGU2KQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "ce03cd51-de99-4601-bdf1-a5210749c9ff", "repository_ids": [ "ac74a291-0c9c-4088-b4a6-dcee240190f1", "f40841b9-ddbb-4d5e-a143-16a34310963e" ] } ], "QXEDMSZisv5SUXtJo7Fs5g==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "ce03cd51-de99-4601-bdf1-a5210749c9ff", "repository_ids": [ "ac74a291-0c9c-4088-b4a6-dcee240190f1", "f40841b9-ddbb-4d5e-a143-16a34310963e" ] } ], "RKXYZTbYgViwzC05uqeDSg==": [ { "package_db": "maven:deployments/hacbs-test.jar", "introduced_in": "sha256:d031cc16aea3b64aacb2a7708ab1848cb043522f43a5b870f4da927b19c2d4ce", "distribution_id": "", "repository_ids": [ "b2bc39b2-8161-4b0e-8b0b-549f7dee4b54" ] } ], "RRWuvyUdhwGbBo2a/Ra1hw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "ce03cd51-de99-4601-bdf1-a5210749c9ff", "repository_ids": [ "ac74a291-0c9c-4088-b4a6-dcee240190f1", "f40841b9-ddbb-4d5e-a143-16a34310963e" ] } ], "RtrzwDgrQgu9S5B72s2sww==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "ce03cd51-de99-4601-bdf1-a5210749c9ff", "repository_ids": [ "ac74a291-0c9c-4088-b4a6-dcee240190f1", "f40841b9-ddbb-4d5e-a143-16a34310963e" ] } ], "TARQvmsLVC/S1fQD1jO4Xw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:8dbc54dd3ba8deb60962e0faf1bcd1d23c09867cffbce92e091a1094578f09fc", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:8dbc54dd3ba8deb60962e0faf1bcd1d23c09867cffbce92e091a1094578f09fc", "distribution_id": "ce03cd51-de99-4601-bdf1-a5210749c9ff", "repository_ids": [ "530ba96a-bc29-49e0-be1f-43cde55828e5", "e5eec09a-ace7-4aae-81b7-3a227580d7a8" ] } ], "U3ZkYu9FoEzQITrVBlQtLA==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "ce03cd51-de99-4601-bdf1-a5210749c9ff", "repository_ids": [ "ac74a291-0c9c-4088-b4a6-dcee240190f1", "f40841b9-ddbb-4d5e-a143-16a34310963e" ] } ], "USWNn71p+k059dbiu5HDEA==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "ce03cd51-de99-4601-bdf1-a5210749c9ff", "repository_ids": [ "ac74a291-0c9c-4088-b4a6-dcee240190f1", "f40841b9-ddbb-4d5e-a143-16a34310963e" ] } ], "UUZyda9G/ffvF6rJ5W1UnQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "ce03cd51-de99-4601-bdf1-a5210749c9ff", "repository_ids": [ "ac74a291-0c9c-4088-b4a6-dcee240190f1", "f40841b9-ddbb-4d5e-a143-16a34310963e" ] } ], "Vax934M9zGbzjdT3Y/XU9w==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "ce03cd51-de99-4601-bdf1-a5210749c9ff", "repository_ids": [ "ac74a291-0c9c-4088-b4a6-dcee240190f1", "f40841b9-ddbb-4d5e-a143-16a34310963e" ] } ], "VrCmPwuY69qW5jl9ctxOZg==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:8dbc54dd3ba8deb60962e0faf1bcd1d23c09867cffbce92e091a1094578f09fc", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:8dbc54dd3ba8deb60962e0faf1bcd1d23c09867cffbce92e091a1094578f09fc", "distribution_id": "ce03cd51-de99-4601-bdf1-a5210749c9ff", "repository_ids": [ "530ba96a-bc29-49e0-be1f-43cde55828e5", "e5eec09a-ace7-4aae-81b7-3a227580d7a8" ] } ], "W66WOQ3v6r7mSn6+o7gaew==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "ce03cd51-de99-4601-bdf1-a5210749c9ff", "repository_ids": [ "ac74a291-0c9c-4088-b4a6-dcee240190f1", "f40841b9-ddbb-4d5e-a143-16a34310963e" ] } ], "YjDcGmvP0/z8VqRiUvkhOQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "ce03cd51-de99-4601-bdf1-a5210749c9ff", "repository_ids": [ "ac74a291-0c9c-4088-b4a6-dcee240190f1", "f40841b9-ddbb-4d5e-a143-16a34310963e" ] } ], "Za0y7YiKRidyIBZNIzq/Ng==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "ce03cd51-de99-4601-bdf1-a5210749c9ff", "repository_ids": [ "ac74a291-0c9c-4088-b4a6-dcee240190f1", "f40841b9-ddbb-4d5e-a143-16a34310963e" ] } ], "ar0do80Wlk1FaVvtx66g6Q==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "ce03cd51-de99-4601-bdf1-a5210749c9ff", "repository_ids": [ "ac74a291-0c9c-4088-b4a6-dcee240190f1", "f40841b9-ddbb-4d5e-a143-16a34310963e" ] } ], "auI8KtI6OozP7EAIr9UlQQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "ce03cd51-de99-4601-bdf1-a5210749c9ff", "repository_ids": [ "ac74a291-0c9c-4088-b4a6-dcee240190f1", "f40841b9-ddbb-4d5e-a143-16a34310963e" ] } ], "bWUdPEYmtshwdmuX5VapfQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "ce03cd51-de99-4601-bdf1-a5210749c9ff", "repository_ids": [ "ac74a291-0c9c-4088-b4a6-dcee240190f1", "f40841b9-ddbb-4d5e-a143-16a34310963e" ] } ], "bmxL3lydQy0yU8g1iBgovg==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "ce03cd51-de99-4601-bdf1-a5210749c9ff", "repository_ids": [ "ac74a291-0c9c-4088-b4a6-dcee240190f1", "f40841b9-ddbb-4d5e-a143-16a34310963e" ] } ], "cXCMP7NdkMDf1+Rb1IEktQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:8dbc54dd3ba8deb60962e0faf1bcd1d23c09867cffbce92e091a1094578f09fc", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:8dbc54dd3ba8deb60962e0faf1bcd1d23c09867cffbce92e091a1094578f09fc", "distribution_id": "ce03cd51-de99-4601-bdf1-a5210749c9ff", "repository_ids": [ "530ba96a-bc29-49e0-be1f-43cde55828e5", "e5eec09a-ace7-4aae-81b7-3a227580d7a8" ] } ], "dOBT1Qffq44NOVuk9chDyg==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "ce03cd51-de99-4601-bdf1-a5210749c9ff", "repository_ids": [ "ac74a291-0c9c-4088-b4a6-dcee240190f1", "f40841b9-ddbb-4d5e-a143-16a34310963e" ] } ], "dOwQwVL1NxmF6ouACZklrQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "ce03cd51-de99-4601-bdf1-a5210749c9ff", "repository_ids": [ "ac74a291-0c9c-4088-b4a6-dcee240190f1", "f40841b9-ddbb-4d5e-a143-16a34310963e" ] } ], "dSjxsaDISLUiFwRTCSO8Tg==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "ce03cd51-de99-4601-bdf1-a5210749c9ff", "repository_ids": [ "ac74a291-0c9c-4088-b4a6-dcee240190f1", "f40841b9-ddbb-4d5e-a143-16a34310963e" ] } ], "dtGaxafuhIU1Ppty914fJw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:8dbc54dd3ba8deb60962e0faf1bcd1d23c09867cffbce92e091a1094578f09fc", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:8dbc54dd3ba8deb60962e0faf1bcd1d23c09867cffbce92e091a1094578f09fc", "distribution_id": "ce03cd51-de99-4601-bdf1-a5210749c9ff", "repository_ids": [ "530ba96a-bc29-49e0-be1f-43cde55828e5", "e5eec09a-ace7-4aae-81b7-3a227580d7a8" ] } ], "eZ7CwFvwDCQu4vzKyuIZgA==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "ce03cd51-de99-4601-bdf1-a5210749c9ff", "repository_ids": [ "ac74a291-0c9c-4088-b4a6-dcee240190f1", "f40841b9-ddbb-4d5e-a143-16a34310963e" ] } ], "f/Al/eNlUhjEgKSV0J2z7w==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:8dbc54dd3ba8deb60962e0faf1bcd1d23c09867cffbce92e091a1094578f09fc", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:8dbc54dd3ba8deb60962e0faf1bcd1d23c09867cffbce92e091a1094578f09fc", "distribution_id": "ce03cd51-de99-4601-bdf1-a5210749c9ff", "repository_ids": [ "530ba96a-bc29-49e0-be1f-43cde55828e5", "e5eec09a-ace7-4aae-81b7-3a227580d7a8" ] } ], "f1lteJj1IxLDbDb+BI8yjg==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "ce03cd51-de99-4601-bdf1-a5210749c9ff", "repository_ids": [ "ac74a291-0c9c-4088-b4a6-dcee240190f1", "f40841b9-ddbb-4d5e-a143-16a34310963e" ] } ], "g146nKetkX1f4hfH1b5RWA==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "ce03cd51-de99-4601-bdf1-a5210749c9ff", "repository_ids": [ "ac74a291-0c9c-4088-b4a6-dcee240190f1", "f40841b9-ddbb-4d5e-a143-16a34310963e" ] } ], "gMqsUnRclTj6iuxHCslNRA==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "ce03cd51-de99-4601-bdf1-a5210749c9ff", "repository_ids": [ "ac74a291-0c9c-4088-b4a6-dcee240190f1", "f40841b9-ddbb-4d5e-a143-16a34310963e" ] } ], "gOaN4treTmKK7tU+N6AZ1w==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "ce03cd51-de99-4601-bdf1-a5210749c9ff", "repository_ids": [ "ac74a291-0c9c-4088-b4a6-dcee240190f1", "f40841b9-ddbb-4d5e-a143-16a34310963e" ] } ], "gtbMsmX05ZWh+bkM1Wprlw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "ce03cd51-de99-4601-bdf1-a5210749c9ff", "repository_ids": [ "ac74a291-0c9c-4088-b4a6-dcee240190f1", "f40841b9-ddbb-4d5e-a143-16a34310963e" ] } ], "h53SWWmMQUh4cLyBmYeNvw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:8dbc54dd3ba8deb60962e0faf1bcd1d23c09867cffbce92e091a1094578f09fc", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:8dbc54dd3ba8deb60962e0faf1bcd1d23c09867cffbce92e091a1094578f09fc", "distribution_id": "ce03cd51-de99-4601-bdf1-a5210749c9ff", "repository_ids": [ "530ba96a-bc29-49e0-be1f-43cde55828e5", "e5eec09a-ace7-4aae-81b7-3a227580d7a8" ] } ], "hSTTMcRX1DBcXc+8jKeg3Q==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "ce03cd51-de99-4601-bdf1-a5210749c9ff", "repository_ids": [ "ac74a291-0c9c-4088-b4a6-dcee240190f1", "f40841b9-ddbb-4d5e-a143-16a34310963e" ] } ], "hcJqCsCpWm+XI9JT6ImS5g==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "ce03cd51-de99-4601-bdf1-a5210749c9ff", "repository_ids": [ "ac74a291-0c9c-4088-b4a6-dcee240190f1", "f40841b9-ddbb-4d5e-a143-16a34310963e" ] } ], "iKjky3d+XDnwdlXfvLvp/A==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:8dbc54dd3ba8deb60962e0faf1bcd1d23c09867cffbce92e091a1094578f09fc", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:8dbc54dd3ba8deb60962e0faf1bcd1d23c09867cffbce92e091a1094578f09fc", "distribution_id": "ce03cd51-de99-4601-bdf1-a5210749c9ff", "repository_ids": [ "530ba96a-bc29-49e0-be1f-43cde55828e5", "e5eec09a-ace7-4aae-81b7-3a227580d7a8" ] } ], "isPl2YxnCTfcLmUYH6Q0sA==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "ce03cd51-de99-4601-bdf1-a5210749c9ff", "repository_ids": [ "ac74a291-0c9c-4088-b4a6-dcee240190f1", "f40841b9-ddbb-4d5e-a143-16a34310963e" ] } ], "j5YRt82iOHry4ndSyCLgaA==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:8dbc54dd3ba8deb60962e0faf1bcd1d23c09867cffbce92e091a1094578f09fc", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:8dbc54dd3ba8deb60962e0faf1bcd1d23c09867cffbce92e091a1094578f09fc", "distribution_id": "ce03cd51-de99-4601-bdf1-a5210749c9ff", "repository_ids": [ "530ba96a-bc29-49e0-be1f-43cde55828e5", "e5eec09a-ace7-4aae-81b7-3a227580d7a8" ] } ], "jmNxyfDM4IV/F4mrfNTfyg==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "ce03cd51-de99-4601-bdf1-a5210749c9ff", "repository_ids": [ "ac74a291-0c9c-4088-b4a6-dcee240190f1", "f40841b9-ddbb-4d5e-a143-16a34310963e" ] } ], "jtdCxL/eH5JTPcKstKunJg==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "ce03cd51-de99-4601-bdf1-a5210749c9ff", "repository_ids": [ "ac74a291-0c9c-4088-b4a6-dcee240190f1", "f40841b9-ddbb-4d5e-a143-16a34310963e" ] } ], "k/BpvWmZ5EVfmiPqpZ3pGw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:8dbc54dd3ba8deb60962e0faf1bcd1d23c09867cffbce92e091a1094578f09fc", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:8dbc54dd3ba8deb60962e0faf1bcd1d23c09867cffbce92e091a1094578f09fc", "distribution_id": "ce03cd51-de99-4601-bdf1-a5210749c9ff", "repository_ids": [ "530ba96a-bc29-49e0-be1f-43cde55828e5", "e5eec09a-ace7-4aae-81b7-3a227580d7a8" ] } ], "k4gCNgIfg7MM/e42ThRx2w==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "ce03cd51-de99-4601-bdf1-a5210749c9ff", "repository_ids": [ "ac74a291-0c9c-4088-b4a6-dcee240190f1", "f40841b9-ddbb-4d5e-a143-16a34310963e" ] } ], "kup9SZcgg13wnbXIW3GyJA==": [ { "package_db": "root/buildinfo/Dockerfile-ubi8-openjdk-17-runtime-1.23-4.1777859697", "introduced_in": "sha256:8dbc54dd3ba8deb60962e0faf1bcd1d23c09867cffbce92e091a1094578f09fc", "distribution_id": "", "repository_ids": [ "7f7e0681-2ce5-4840-b11c-103ed273588f", "7f7e0681-2ce5-4840-b11c-103ed273588f" ] } ], "kwc9NYOQig+qWs5qmBRL/w==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "ce03cd51-de99-4601-bdf1-a5210749c9ff", "repository_ids": [ "ac74a291-0c9c-4088-b4a6-dcee240190f1", "f40841b9-ddbb-4d5e-a143-16a34310963e" ] } ], "lEFbOzBTlWwCqC/ZbjJfgQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:8dbc54dd3ba8deb60962e0faf1bcd1d23c09867cffbce92e091a1094578f09fc", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:8dbc54dd3ba8deb60962e0faf1bcd1d23c09867cffbce92e091a1094578f09fc", "distribution_id": "ce03cd51-de99-4601-bdf1-a5210749c9ff", "repository_ids": [ "530ba96a-bc29-49e0-be1f-43cde55828e5", "e5eec09a-ace7-4aae-81b7-3a227580d7a8" ] } ], "lU0MYRg2dg5wynl2dMGsgA==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "ce03cd51-de99-4601-bdf1-a5210749c9ff", "repository_ids": [ "ac74a291-0c9c-4088-b4a6-dcee240190f1", "f40841b9-ddbb-4d5e-a143-16a34310963e" ] } ], "mAmp7BtGrfzV0HnAKw9sTw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "ce03cd51-de99-4601-bdf1-a5210749c9ff", "repository_ids": [ "ac74a291-0c9c-4088-b4a6-dcee240190f1", "f40841b9-ddbb-4d5e-a143-16a34310963e" ] } ], "mLwCNKs2wEtLWAiibtR4BQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "ce03cd51-de99-4601-bdf1-a5210749c9ff", "repository_ids": [ "ac74a291-0c9c-4088-b4a6-dcee240190f1", "f40841b9-ddbb-4d5e-a143-16a34310963e" ] } ], "mkpeQMTn6iNiF+ShBe+oZg==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "ce03cd51-de99-4601-bdf1-a5210749c9ff", "repository_ids": [ "ac74a291-0c9c-4088-b4a6-dcee240190f1", "f40841b9-ddbb-4d5e-a143-16a34310963e" ] } ], "mtrWxjnWyzrIFOuHVeUG6g==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:8dbc54dd3ba8deb60962e0faf1bcd1d23c09867cffbce92e091a1094578f09fc", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:8dbc54dd3ba8deb60962e0faf1bcd1d23c09867cffbce92e091a1094578f09fc", "distribution_id": "ce03cd51-de99-4601-bdf1-a5210749c9ff", "repository_ids": [ "530ba96a-bc29-49e0-be1f-43cde55828e5", "e5eec09a-ace7-4aae-81b7-3a227580d7a8" ] } ], "nDtLoMnkuhspYDn7NZEcjw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:8dbc54dd3ba8deb60962e0faf1bcd1d23c09867cffbce92e091a1094578f09fc", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:8dbc54dd3ba8deb60962e0faf1bcd1d23c09867cffbce92e091a1094578f09fc", "distribution_id": "ce03cd51-de99-4601-bdf1-a5210749c9ff", "repository_ids": [ "530ba96a-bc29-49e0-be1f-43cde55828e5", "e5eec09a-ace7-4aae-81b7-3a227580d7a8" ] } ], "o4v1nyEgxKUJdf78CSzLEg==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "ce03cd51-de99-4601-bdf1-a5210749c9ff", "repository_ids": [ "ac74a291-0c9c-4088-b4a6-dcee240190f1", "f40841b9-ddbb-4d5e-a143-16a34310963e" ] } ], "oPxhGBL0xk+N4XwwxvflAQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "ce03cd51-de99-4601-bdf1-a5210749c9ff", "repository_ids": [ "ac74a291-0c9c-4088-b4a6-dcee240190f1", "f40841b9-ddbb-4d5e-a143-16a34310963e" ] } ], "oSDtB9GflLljTYeOAikyIQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "ce03cd51-de99-4601-bdf1-a5210749c9ff", "repository_ids": [ "ac74a291-0c9c-4088-b4a6-dcee240190f1", "f40841b9-ddbb-4d5e-a143-16a34310963e" ] } ], "oUYls//IDfQ4QSLGKlUoZg==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "ce03cd51-de99-4601-bdf1-a5210749c9ff", "repository_ids": [ "ac74a291-0c9c-4088-b4a6-dcee240190f1", "f40841b9-ddbb-4d5e-a143-16a34310963e" ] } ], "p9tXHgTBVU/b3sTnwfubzg==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "ce03cd51-de99-4601-bdf1-a5210749c9ff", "repository_ids": [ "ac74a291-0c9c-4088-b4a6-dcee240190f1", "f40841b9-ddbb-4d5e-a143-16a34310963e" ] } ], "pY2NT/GP1UxyOuAl2rKgCw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "ce03cd51-de99-4601-bdf1-a5210749c9ff", "repository_ids": [ "ac74a291-0c9c-4088-b4a6-dcee240190f1", "f40841b9-ddbb-4d5e-a143-16a34310963e" ] } ], "peUaHHW4E9Y6Nd8+gJR5cQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "ce03cd51-de99-4601-bdf1-a5210749c9ff", "repository_ids": [ "ac74a291-0c9c-4088-b4a6-dcee240190f1", "f40841b9-ddbb-4d5e-a143-16a34310963e" ] } ], "pp9zZ0tBoevZ/s15eFRL8g==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "ce03cd51-de99-4601-bdf1-a5210749c9ff", "repository_ids": [ "ac74a291-0c9c-4088-b4a6-dcee240190f1", "f40841b9-ddbb-4d5e-a143-16a34310963e" ] } ], "q4X/5GGPJSNoqWY61ewdVA==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:8dbc54dd3ba8deb60962e0faf1bcd1d23c09867cffbce92e091a1094578f09fc", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:8dbc54dd3ba8deb60962e0faf1bcd1d23c09867cffbce92e091a1094578f09fc", "distribution_id": "ce03cd51-de99-4601-bdf1-a5210749c9ff", "repository_ids": [ "530ba96a-bc29-49e0-be1f-43cde55828e5", "e5eec09a-ace7-4aae-81b7-3a227580d7a8" ] } ], "qdszmGofYYLyezIthPq1jw==": [ { "package_db": "root/buildinfo/Dockerfile-ubi8-openjdk-17-runtime-1.23-4.1777859697", "introduced_in": "sha256:8dbc54dd3ba8deb60962e0faf1bcd1d23c09867cffbce92e091a1094578f09fc", "distribution_id": "", "repository_ids": [ "7f7e0681-2ce5-4840-b11c-103ed273588f", "7f7e0681-2ce5-4840-b11c-103ed273588f" ] } ], "r23nOnTJvuvXzj0P21ldlw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "ce03cd51-de99-4601-bdf1-a5210749c9ff", "repository_ids": [ "ac74a291-0c9c-4088-b4a6-dcee240190f1", "f40841b9-ddbb-4d5e-a143-16a34310963e" ] } ], "rFsA2fU/SFo3JGOkxRURTQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "ce03cd51-de99-4601-bdf1-a5210749c9ff", "repository_ids": [ "ac74a291-0c9c-4088-b4a6-dcee240190f1", "f40841b9-ddbb-4d5e-a143-16a34310963e" ] } ], "sMrsZHOrW8FfprPHZo6Jww==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "ce03cd51-de99-4601-bdf1-a5210749c9ff", "repository_ids": [ "ac74a291-0c9c-4088-b4a6-dcee240190f1", "f40841b9-ddbb-4d5e-a143-16a34310963e" ] } ], "sUhkiUesE2DHTU1IF7t+tw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:8dbc54dd3ba8deb60962e0faf1bcd1d23c09867cffbce92e091a1094578f09fc", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:8dbc54dd3ba8deb60962e0faf1bcd1d23c09867cffbce92e091a1094578f09fc", "distribution_id": "ce03cd51-de99-4601-bdf1-a5210749c9ff", "repository_ids": [ "530ba96a-bc29-49e0-be1f-43cde55828e5", "e5eec09a-ace7-4aae-81b7-3a227580d7a8" ] } ], "trIX86+UkjuJsaeYfHvnYw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "ce03cd51-de99-4601-bdf1-a5210749c9ff", "repository_ids": [ "ac74a291-0c9c-4088-b4a6-dcee240190f1", "f40841b9-ddbb-4d5e-a143-16a34310963e" ] } ], "u25cfo+Wn6RpzVY/kgcoGQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:8dbc54dd3ba8deb60962e0faf1bcd1d23c09867cffbce92e091a1094578f09fc", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:8dbc54dd3ba8deb60962e0faf1bcd1d23c09867cffbce92e091a1094578f09fc", "distribution_id": "ce03cd51-de99-4601-bdf1-a5210749c9ff", "repository_ids": [ "530ba96a-bc29-49e0-be1f-43cde55828e5", "e5eec09a-ace7-4aae-81b7-3a227580d7a8" ] } ], "uAJuv5cA4XPhcDfjrdFI9w==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:8dbc54dd3ba8deb60962e0faf1bcd1d23c09867cffbce92e091a1094578f09fc", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:8dbc54dd3ba8deb60962e0faf1bcd1d23c09867cffbce92e091a1094578f09fc", "distribution_id": "ce03cd51-de99-4601-bdf1-a5210749c9ff", "repository_ids": [ "530ba96a-bc29-49e0-be1f-43cde55828e5", "e5eec09a-ace7-4aae-81b7-3a227580d7a8" ] } ], "uCw7c1p0VzVV36rFL2/j4Q==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "ce03cd51-de99-4601-bdf1-a5210749c9ff", "repository_ids": [ "ac74a291-0c9c-4088-b4a6-dcee240190f1", "f40841b9-ddbb-4d5e-a143-16a34310963e" ] } ], "v/KoDsdxOHqLHd7du8yyWQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "ce03cd51-de99-4601-bdf1-a5210749c9ff", "repository_ids": [ "ac74a291-0c9c-4088-b4a6-dcee240190f1", "f40841b9-ddbb-4d5e-a143-16a34310963e" ] } ], "wQNSAAyfpn1pixah4j5PmA==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:8dbc54dd3ba8deb60962e0faf1bcd1d23c09867cffbce92e091a1094578f09fc", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:8dbc54dd3ba8deb60962e0faf1bcd1d23c09867cffbce92e091a1094578f09fc", "distribution_id": "ce03cd51-de99-4601-bdf1-a5210749c9ff", "repository_ids": [ "530ba96a-bc29-49e0-be1f-43cde55828e5", "e5eec09a-ace7-4aae-81b7-3a227580d7a8" ] } ], "wQToP4WURQ4/A8LQU1k5kA==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "ce03cd51-de99-4601-bdf1-a5210749c9ff", "repository_ids": [ "ac74a291-0c9c-4088-b4a6-dcee240190f1", "f40841b9-ddbb-4d5e-a143-16a34310963e" ] } ], "wiX2z3C4urSDsP+bIajgNg==": [ { "package_db": "maven:deployments/hacbs-test.jar", "introduced_in": "sha256:d031cc16aea3b64aacb2a7708ab1848cb043522f43a5b870f4da927b19c2d4ce", "distribution_id": "", "repository_ids": [ "b2bc39b2-8161-4b0e-8b0b-549f7dee4b54" ] } ], "wpJmhjYJz5TYuh0mbRPs4Q==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "ce03cd51-de99-4601-bdf1-a5210749c9ff", "repository_ids": [ "ac74a291-0c9c-4088-b4a6-dcee240190f1", "f40841b9-ddbb-4d5e-a143-16a34310963e" ] } ], "xDLbw0lNdZ2pSj9R8k9t6A==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:8dbc54dd3ba8deb60962e0faf1bcd1d23c09867cffbce92e091a1094578f09fc", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:8dbc54dd3ba8deb60962e0faf1bcd1d23c09867cffbce92e091a1094578f09fc", "distribution_id": "ce03cd51-de99-4601-bdf1-a5210749c9ff", "repository_ids": [ "530ba96a-bc29-49e0-be1f-43cde55828e5", "e5eec09a-ace7-4aae-81b7-3a227580d7a8" ] } ], "xTF9l16G3x26txeCsO9Bug==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "ce03cd51-de99-4601-bdf1-a5210749c9ff", "repository_ids": [ "ac74a291-0c9c-4088-b4a6-dcee240190f1", "f40841b9-ddbb-4d5e-a143-16a34310963e" ] } ], "xY/gcEds28iVWCynxOCw9g==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "ce03cd51-de99-4601-bdf1-a5210749c9ff", "repository_ids": [ "ac74a291-0c9c-4088-b4a6-dcee240190f1", "f40841b9-ddbb-4d5e-a143-16a34310963e" ] } ], "xvIYCTeML23osZxD1kFItQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:8dbc54dd3ba8deb60962e0faf1bcd1d23c09867cffbce92e091a1094578f09fc", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:8dbc54dd3ba8deb60962e0faf1bcd1d23c09867cffbce92e091a1094578f09fc", "distribution_id": "ce03cd51-de99-4601-bdf1-a5210749c9ff", "repository_ids": [ "530ba96a-bc29-49e0-be1f-43cde55828e5", "e5eec09a-ace7-4aae-81b7-3a227580d7a8" ] } ], "zAReYdYoHUkp8wr8i3SW2g==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:c942205fe656068a84bcea3282a340025bcb04ccf5ac11554c341b816c9e156e", "distribution_id": "ce03cd51-de99-4601-bdf1-a5210749c9ff", "repository_ids": [ "ac74a291-0c9c-4088-b4a6-dcee240190f1", "f40841b9-ddbb-4d5e-a143-16a34310963e" ] } ], "zdqdBY2jg/Zs374g8Ylc6g==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:8dbc54dd3ba8deb60962e0faf1bcd1d23c09867cffbce92e091a1094578f09fc", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:8dbc54dd3ba8deb60962e0faf1bcd1d23c09867cffbce92e091a1094578f09fc", "distribution_id": "ce03cd51-de99-4601-bdf1-a5210749c9ff", "repository_ids": [ "530ba96a-bc29-49e0-be1f-43cde55828e5", "e5eec09a-ace7-4aae-81b7-3a227580d7a8" ] } ] }, "vulnerabilities": { "+nHq7dak7Hkjcru/xpwzhQ==": { "id": "+nHq7dak7Hkjcru/xpwzhQ==", "updater": "rhel-vex", "name": "CVE-2020-12413", "description": "A flaw was found in Mozilla nss. A raccoon attack exploits a flaw in the TLS specification which can lead to an attacker being able to compute the pre-master secret in connections which have used a Diffie-Hellman(DH) based ciphersuite. In such a case this would result in the attacker being able to eavesdrop on all encrypted communications sent over that TLS connection. The highest threat from this vulnerability is to data confidentiality.", "issued": "2020-09-09T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2020-12413 https://bugzilla.redhat.com/show_bug.cgi?id=1877557 https://www.cve.org/CVERecord?id=CVE-2020-12413 https://nvd.nist.gov/vuln/detail/CVE-2020-12413 https://raccoon-attack.com/RacoonAttack.pdf https://security.access.redhat.com/data/csaf/v2/vex/2020/cve-2020-12413.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "nss", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "/1CYFiexnJcM7p4YrI/FVg==": { "id": "/1CYFiexnJcM7p4YrI/FVg==", "updater": "rhel-vex", "name": "CVE-2023-4504", "description": "A vulnerability was found in CUPS and libppd, where a failure to validate the length provided in an attacker-crafted PPD PostScript document can lead to a heap-based buffer overflow, causing a denial of service or, in some cases, execute arbitrary code, depending on how the application processes untrusted PPD files.", "issued": "2023-09-20T12:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4504 https://bugzilla.redhat.com/show_bug.cgi?id=2238509 https://www.cve.org/CVERecord?id=CVE-2023-4504 https://nvd.nist.gov/vuln/detail/CVE-2023-4504 https://takeonme.org/cves/CVE-2023-4504.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4504.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "cups", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "0QzoXQSqkKieJ7Oc+px0JA==": { "id": "0QzoXQSqkKieJ7Oc+px0JA==", "updater": "rhel-vex", "name": "CVE-2025-13837", "description": "A flaw was found in the plistlib module in the Python standard library. The amount of data to read from a Plist file is specified in the file itself. This issue allows a specially crafted Plist file to cause an application to allocate a large amount of memory, potentially resulting in allocations errors, swapping, out-of-memory conditions or even system freezes.", "issued": "2025-12-01T18:13:32Z", "links": "https://access.redhat.com/security/cve/CVE-2025-13837 https://bugzilla.redhat.com/show_bug.cgi?id=2418084 https://www.cve.org/CVERecord?id=CVE-2025-13837 https://nvd.nist.gov/vuln/detail/CVE-2025-13837 https://github.com/python/cpython/issues/119342 https://github.com/python/cpython/pull/119343 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-13837.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "python3", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "0WTD6ZUY2Zj2w0R3oyPWRw==": { "id": "0WTD6ZUY2Zj2w0R3oyPWRw==", "updater": "rhel-vex", "name": "CVE-2026-34980", "description": "A flaw was found in OpenPrinting CUPS. An unauthorized client can exploit this vulnerability by sending a specially crafted print job to a shared PostScript queue without authentication. The server improperly handles the `page-border` value, allowing an attacker to embed and reparse malicious text as a trusted scheduler control record. This can lead to arbitrary code execution with the privileges of the 'lp' user, potentially compromising the affected system.", "issued": "2026-04-03T21:18:09Z", "links": "https://access.redhat.com/security/cve/CVE-2026-34980 https://bugzilla.redhat.com/show_bug.cgi?id=2454954 https://www.cve.org/CVERecord?id=CVE-2026-34980 https://nvd.nist.gov/vuln/detail/CVE-2026-34980 https://github.com/OpenPrinting/cups/security/advisories/GHSA-4852-v58g-6cwf https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-34980.json", "severity": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "cups", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "0fCtWwB6iclgRvIA+IqiJQ==": { "id": "0fCtWwB6iclgRvIA+IqiJQ==", "updater": "rhel-vex", "name": "CVE-2026-1484", "description": "A flaw was found in the GLib Base64 encoding routine when processing very large input data. Due to incorrect use of integer types during length calculation, the library may miscalculate buffer boundaries. This can cause memory writes outside the allocated buffer. Applications that process untrusted or extremely large Base64 input using GLib may crash or behave unpredictably.", "issued": "2026-01-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-1484 https://bugzilla.redhat.com/show_bug.cgi?id=2433259 https://www.cve.org/CVERecord?id=CVE-2026-1484 https://nvd.nist.gov/vuln/detail/CVE-2026-1484 https://gitlab.gnome.org/GNOME/glib/-/issues/3870 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-1484.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "glib2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "0nQ3GJDLY22M176Z5ESg6A==": { "id": "0nQ3GJDLY22M176Z5ESg6A==", "updater": "rhel-vex", "name": "CVE-2025-68972", "description": "A flaw was found in GnuPG. An adversary can exploit this vulnerability by crafting a signed message that includes a form feed character (\\f) at the end of a plaintext line. This allows the adversary to append additional, unsigned text to the message while the signature verification still reports success. This issue leads to an integrity bypass, potentially enabling the spoofing of signed communications.", "issued": "2025-12-27T22:52:30Z", "links": "https://access.redhat.com/security/cve/CVE-2025-68972 https://bugzilla.redhat.com/show_bug.cgi?id=2425646 https://www.cve.org/CVERecord?id=CVE-2025-68972 https://nvd.nist.gov/vuln/detail/CVE-2025-68972 https://gpg.fail/formfeed https://news.ycombinator.com/item?id=46404339 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-68972.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "gnupg2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "0v/g0Z/XEXV13r48i52JgA==": { "id": "0v/g0Z/XEXV13r48i52JgA==", "updater": "rhel-vex", "name": "CVE-2026-6276", "description": "A flaw was found in libcurl. This vulnerability allows for information disclosure when a custom `Host:` header is used in an initial HTTP request, and a subsequent request reuses the same connection without specifying a new `Host:` header. This can lead to libcurl incorrectly sending cookies intended for the first host to the second host, resulting in a cookie leak. This issue is categorized as an Origin Validation Error (CWE-346). Exploitation typically requires specific debugging configurations.", "issued": "2026-04-29T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-6276 https://bugzilla.redhat.com/show_bug.cgi?id=2461203 https://www.cve.org/CVERecord?id=CVE-2026-6276 https://nvd.nist.gov/vuln/detail/CVE-2026-6276 https://curl.se/docs/CVE-2026-6276.html https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-6276.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "curl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "1lUHOMB3ANHGWpqCBv9Ynw==": { "id": "1lUHOMB3ANHGWpqCBv9Ynw==", "updater": "rhel-vex", "name": "CVE-2026-4105", "description": "A flaw was found in systemd. The systemd-machined service contains an Improper Access Control vulnerability due to insufficient validation of the class parameter in the RegisterMachine D-Bus (Desktop Bus) method. A local unprivileged user can exploit this by attempting to register a machine with a specific class value, which may leave behind a usable, attacker-controlled machine object. This allows the attacker to invoke methods on the privileged object, leading to the execution of arbitrary commands with root privileges on the host system.", "issued": "2026-03-13T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-4105 https://bugzilla.redhat.com/show_bug.cgi?id=2447262 https://www.cve.org/CVERecord?id=CVE-2026-4105 https://nvd.nist.gov/vuln/detail/CVE-2026-4105 https://github.com/systemd/systemd/security/advisories/GHSA-4h6x-r8vx-3862 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-4105.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "systemd", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "1vG4ZYIu07BTj9XJ+a+P9Q==": { "id": "1vG4ZYIu07BTj9XJ+a+P9Q==", "updater": "rhel-vex", "name": "CVE-2026-27171", "description": "A flaw was found in zlib. An attacker providing specially crafted input to the `crc32_combine64` or `crc32_combine_gen64` functions could trigger an infinite loop within the `x2nmodp` function. This leads to excessive CPU consumption, which can result in a Denial of Service (DoS) for the affected system.", "issued": "2026-02-18T02:36:19Z", "links": "https://access.redhat.com/security/cve/CVE-2026-27171 https://bugzilla.redhat.com/show_bug.cgi?id=2440530 https://www.cve.org/CVERecord?id=CVE-2026-27171 https://nvd.nist.gov/vuln/detail/CVE-2026-27171 https://7asecurity.com/blog/2026/02/zlib-7asecurity-audit/ https://7asecurity.com/reports/pentest-report-zlib-RC1.1.pdf https://github.com/madler/zlib/issues/904 https://github.com/madler/zlib/releases/tag/v1.3.2 https://ostif.org/zlib-audit-complete/ https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-27171.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "java-17-openjdk", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "29qrZyz+fmdn9Nzjpl2/Pg==": { "id": "29qrZyz+fmdn9Nzjpl2/Pg==", "updater": "rhel-vex", "name": "CVE-2026-22693", "description": "A null pointer dereference vector has been discovered in the harfbuzz package. A null pointer dereference vulnerability exists in the SubtableUnicodesCache::create function located in src/hb-ot-cmap-table.hh:1672-1673. The function fails to check if hb_malloc returns NULL before using placement new to construct an object at the returned pointer address. When hb_malloc fails to allocate memory (which can occur in low-memory conditions or when using custom allocators that simulate allocation failures), it returns NULL. The code then attempts to call the constructor on this null pointer using placement new syntax, resulting in undefined behavior and a Segmentation Fault.", "issued": "2026-01-10T05:53:21Z", "links": "https://access.redhat.com/security/cve/CVE-2026-22693 https://bugzilla.redhat.com/show_bug.cgi?id=2428439 https://www.cve.org/CVERecord?id=CVE-2026-22693 https://nvd.nist.gov/vuln/detail/CVE-2026-22693 https://github.com/harfbuzz/harfbuzz/commit/1265ff8d990284f04d8768f35b0e20ae5f60daae https://github.com/harfbuzz/harfbuzz/security/advisories/GHSA-xvjr-f2r9-c7ww https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-22693.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "java-17-openjdk", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "2U6d1qsPVwS8vUnflv9AcQ==": { "id": "2U6d1qsPVwS8vUnflv9AcQ==", "updater": "rhel-vex", "name": "CVE-2026-4873", "description": "A flaw was found in curl. A remote attacker could exploit this by initiating an unencrypted connection (via IMAP, SMTP, or POP3) and then making a subsequent request to the same host that requires Transport Layer Security (TLS). Due to incorrect connection reuse, the subsequent request would bypass the TLS requirement, leading to the transmission of sensitive information in cleartext. This vulnerability, categorized as Cleartext Transmission of Sensitive Information (CWE-319), results in information disclosure.", "issued": "2026-04-29T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-4873 https://bugzilla.redhat.com/show_bug.cgi?id=2461200 https://www.cve.org/CVERecord?id=CVE-2026-4873 https://nvd.nist.gov/vuln/detail/CVE-2026-4873 https://curl.se/docs/CVE-2026-4873.html https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-4873.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "curl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "2U8ppg+02PjFDuM5YqFstQ==": { "id": "2U8ppg+02PjFDuM5YqFstQ==", "updater": "rhel-vex", "name": "CVE-2025-15282", "description": "Missing newline filtering has been discovered in Python. User-controlled data URLs parsed by urllib.request.DataHandler allow injecting headers through newlines in the data URL mediatype.", "issued": "2026-01-20T21:35:13Z", "links": "https://access.redhat.com/security/cve/CVE-2025-15282 https://bugzilla.redhat.com/show_bug.cgi?id=2431366 https://www.cve.org/CVERecord?id=CVE-2025-15282 https://nvd.nist.gov/vuln/detail/CVE-2025-15282 https://github.com/python/cpython/issues/143925 https://github.com/python/cpython/pull/143926 https://mail.python.org/archives/list/security-announce@python.org/thread/X66HL7SISGJT33J53OHXMZT4DFLMHVKF/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-15282.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python3", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "3IgZDz5UYkhu/U1/4kSWKg==": { "id": "3IgZDz5UYkhu/U1/4kSWKg==", "updater": "rhel-vex", "name": "CVE-2021-25317", "description": "It was found that some Linux vendors may assign the ownership of the /var/log/cups directory to the `lp` user. This could allow an attacker with such privileges to create empty files in arbitrary locations, or to force arbitrary files to be opened and closed, using a symlink attack. This has a low impact on the integrity of the system.", "issued": "2021-04-29T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-25317 https://bugzilla.redhat.com/show_bug.cgi?id=1949119 https://www.cve.org/CVERecord?id=CVE-2021-25317 https://nvd.nist.gov/vuln/detail/CVE-2021-25317 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-25317.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "cups", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "3O4IzHXnRQMZXCe1gYATvw==": { "id": "3O4IzHXnRQMZXCe1gYATvw==", "updater": "rhel-vex", "name": "CVE-2026-22185", "description": "A flaw was found in OpenLDAP Lightning Memory-Mapped Database (LMDB) mdb_load. When processing malformed input, a local attacker can exploit a heap buffer underflow vulnerability in the readline() function. This can lead to an out-of-bounds read, potentially causing a denial of service (DoS) and limited disclosure of heap memory contents.", "issued": "2026-01-07T20:26:30Z", "links": "https://access.redhat.com/security/cve/CVE-2026-22185 https://bugzilla.redhat.com/show_bug.cgi?id=2427679 https://www.cve.org/CVERecord?id=CVE-2026-22185 https://nvd.nist.gov/vuln/detail/CVE-2026-22185 https://seclists.org/fulldisclosure/2026/Jan/5 https://seclists.org/fulldisclosure/2026/Jan/8 https://www.openldap.org/ https://www.vulncheck.com/advisories/openldap-lmdb-mdb-load-heap-buffer-underflow-in-readline https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-22185.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "openldap", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "4/mftydHpy90Umw3G0mTuQ==": { "id": "4/mftydHpy90Umw3G0mTuQ==", "updater": "rhel-vex", "name": "CVE-2018-1000879", "description": "libarchive version commit 379867ecb330b3a952fb7bfa7bffb7bbd5547205 onwards (release v3.3.0 onwards) contains a CWE-476: NULL Pointer Dereference vulnerability in ACL parser - libarchive/archive_acl.c, archive_acl_from_text_l() that can result in Crash/DoS. This attack appear to be exploitable via the victim must open a specially crafted archive file.", "issued": "2018-11-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2018-1000879 https://bugzilla.redhat.com/show_bug.cgi?id=1663890 https://www.cve.org/CVERecord?id=CVE-2018-1000879 https://nvd.nist.gov/vuln/detail/CVE-2018-1000879 https://security.access.redhat.com/data/csaf/v2/vex/2018/cve-2018-1000879.json", "severity": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libarchive", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "4JszZEguo/SAFbgp6PdKMQ==": { "id": "4JszZEguo/SAFbgp6PdKMQ==", "updater": "rhel-vex", "name": "CVE-2026-5773", "description": "A flaw was found in libcurl. Due to a logical error in the connection reuse mechanism for SMB (Server Message Block) transfers, libcurl might reuse an existing SMB connection with a different share than intended. This vulnerability, categorized as CWE-488 (Exposure of Data Element to Wrong Session), could lead to the download of an incorrect file or the upload of a file to an unintended location when an application uses libcurl for SMB transfers.", "issued": "2026-04-29T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-5773 https://bugzilla.redhat.com/show_bug.cgi?id=2461201 https://www.cve.org/CVERecord?id=CVE-2026-5773 https://nvd.nist.gov/vuln/detail/CVE-2026-5773 https://curl.se/docs/CVE-2026-5773.html https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-5773.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "curl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "5B1tQ2BK8z/YjRkYcvwqag==": { "id": "5B1tQ2BK8z/YjRkYcvwqag==", "updater": "rhel-vex", "name": "CVE-2019-19244", "description": "A flaw was found in the way SQLite handled certain types of SQL queries using DISTINCT, OVER and ORDER BY clauses. A remote attacker could exploit this flaw by providing a malicious SQL query that, when processed by an application linked to SQLite, would crash the application causing a denial of service.", "issued": "2019-11-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2019-19244 https://bugzilla.redhat.com/show_bug.cgi?id=1777945 https://www.cve.org/CVERecord?id=CVE-2019-19244 https://nvd.nist.gov/vuln/detail/CVE-2019-19244 https://security.access.redhat.com/data/csaf/v2/vex/2019/cve-2019-19244.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "sqlite", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "5ZHvcDYhgzWjwNpRgF2u1w==": { "id": "5ZHvcDYhgzWjwNpRgF2u1w==", "updater": "rhel-vex", "name": "CVE-2025-1795", "description": "A flaw was found in Python. When a separating comma ends up on a folded line during an address list folding of email headers, the comma is unintentionally unicode encoded. The expected behavior is that the separating comma remains unencoded. This can result in the address header being misinterpreted by some mail servers.", "issued": "2025-02-28T18:59:31Z", "links": "https://access.redhat.com/security/cve/CVE-2025-1795 https://bugzilla.redhat.com/show_bug.cgi?id=2349061 https://www.cve.org/CVERecord?id=CVE-2025-1795 https://nvd.nist.gov/vuln/detail/CVE-2025-1795 https://github.com/python/cpython/commit/09fab93c3d857496c0bd162797fab816c311ee48 https://github.com/python/cpython/commit/70754d21c288535e86070ca7a6e90dcb670b8593 https://github.com/python/cpython/commit/9148b77e0af91cdacaa7fe3dfac09635c3fe9a74 https://github.com/python/cpython/issues/100884 https://github.com/python/cpython/pull/100885 https://github.com/python/cpython/pull/119099 https://mail.python.org/archives/list/security-announce@python.org/thread/MB62IZMEC3UM6SGHP5LET5JX2Y7H4ZUR/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-1795.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "python3", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "5e3gC+KDeb36jTLxBYtijg==": { "id": "5e3gC+KDeb36jTLxBYtijg==", "updater": "rhel-vex", "name": "CVE-2026-41990", "description": "A flaw was found in Libgcrypt. During Dilithium signing operations, the library fails to perform a bounds check when writing to a static array. While the data involved is not directly controlled by an attacker, this vulnerability could lead to memory corruption, potentially resulting in a denial of service (DoS) or affecting data integrity.", "issued": "2026-04-23T04:39:04Z", "links": "https://access.redhat.com/security/cve/CVE-2026-41990 https://bugzilla.redhat.com/show_bug.cgi?id=2461068 https://www.cve.org/CVERecord?id=CVE-2026-41990 https://nvd.nist.gov/vuln/detail/CVE-2026-41990 https://dev.gnupg.org/T8208 https://lists.gnupg.org/pipermail/gnupg-announce/2026q2/000503.html https://www.openwall.com/lists/oss-security/2026/04/21/1 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-41990.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libgcrypt", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "619DQiII/+IW12e6tmtrxw==": { "id": "619DQiII/+IW12e6tmtrxw==", "updater": "rhel-vex", "name": "CVE-2026-6732", "description": "A flaw was found in libxml2. This vulnerability occurs when the library processes a specially crafted XML Schema Definition (XSD) validated document that includes an internal entity reference. An attacker could exploit this by providing a malicious document, leading to a type confusion error that causes the application to crash. This results in a denial of service (DoS), making the affected system or application unavailable.", "issued": "2026-04-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-6732 https://bugzilla.redhat.com/show_bug.cgi?id=2461300 https://www.cve.org/CVERecord?id=CVE-2026-6732 https://nvd.nist.gov/vuln/detail/CVE-2026-6732 https://gitlab.gnome.org/GNOME/libxml2/-/issues/1097 https://gitlab.gnome.org/GNOME/libxml2/-/merge_requests/411 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-6732.json", "severity": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libxml2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "673FKazcUiydbfN5c6amaw==": { "id": "673FKazcUiydbfN5c6amaw==", "updater": "rhel-vex", "name": "CVE-2020-19190", "description": "A flaw has been identified in the ncurses library. This issue occurs when processing a crafted terminfo database, causing a heap-based buffer overflow, resulting in an application crash.", "issued": "2019-05-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2020-19190 https://bugzilla.redhat.com/show_bug.cgi?id=2234923 https://www.cve.org/CVERecord?id=CVE-2020-19190 https://nvd.nist.gov/vuln/detail/CVE-2020-19190 https://security.access.redhat.com/data/csaf/v2/vex/2020/cve-2020-19190.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "ncurses", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "6Cqvzp5JbuVfHsuYnIJNFw==": { "id": "6Cqvzp5JbuVfHsuYnIJNFw==", "updater": "rhel-vex", "name": "CVE-2026-4438", "description": "A flaw was found in the GNU C library (glibc). When applications use the `gethostbyaddr` or `gethostbyaddr_r` functions with a `nsswitch.conf` configuration that specifies glibc's DNS backend, the library may return an invalid DNS hostname. This violates the DNS specification and could lead to applications receiving incorrect hostname information, potentially impacting network operations or security decisions.", "issued": "2026-03-20T19:59:06Z", "links": "https://access.redhat.com/security/cve/CVE-2026-4438 https://bugzilla.redhat.com/show_bug.cgi?id=2449783 https://www.cve.org/CVERecord?id=CVE-2026-4438 https://nvd.nist.gov/vuln/detail/CVE-2026-4438 https://sourceware.org/bugzilla/show_bug.cgi?id=34015 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-4438.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "glibc", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "6FQUI3OxX4C5skWXKgq80Q==": { "id": "6FQUI3OxX4C5skWXKgq80Q==", "updater": "rhel-vex", "name": "CVE-2023-0464", "description": "A security vulnerability has been identified in all supported OpenSSL versions related to verifying X.509 certificate chains that include policy constraints. This flaw allows attackers to exploit this vulnerability by creating a malicious certificate chain that triggers exponential use of computational resources, leading to a denial of service (DoS) attack on affected systems. Policy processing is disabled by default but can be enabled by passing the -policy' argument to the command line utilities or calling the X509_VERIFY_PARAM_set1_policies()' function.", "issued": "2023-03-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-0464 https://bugzilla.redhat.com/show_bug.cgi?id=2181082 https://www.cve.org/CVERecord?id=CVE-2023-0464 https://nvd.nist.gov/vuln/detail/CVE-2023-0464 https://www.openssl.org/news/secadv/20230322.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0464.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "6Xr5PbPGSy+aHLDQ9q4L9w==": { "id": "6Xr5PbPGSy+aHLDQ9q4L9w==", "updater": "rhel-vex", "name": "CVE-2026-1502", "description": "A flaw was found in Python. This vulnerability allows for the injection of extra information into HTTP communication. Specifically, the system does not properly prevent special characters (carriage return and line feed) from being included in HTTP client proxy tunnel headers or host fields.", "issued": "2026-04-10T17:54:44Z", "links": "https://access.redhat.com/security/cve/CVE-2026-1502 https://bugzilla.redhat.com/show_bug.cgi?id=2457409 https://www.cve.org/CVERecord?id=CVE-2026-1502 https://nvd.nist.gov/vuln/detail/CVE-2026-1502 https://github.com/python/cpython/commit/05ed7ce7ae9e17c23a04085b2539fe6d6d3cef69 https://github.com/python/cpython/issues/146211 https://github.com/python/cpython/pull/146212 https://mail.python.org/archives/list/security-announce@python.org/thread/2IVPAEQWUJBCTQZEJEVTYCIKSMQPGRZ3/ https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-1502.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python3", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "6p6EeZQEuYkK2CtO4ey3Ag==": { "id": "6p6EeZQEuYkK2CtO4ey3Ag==", "updater": "rhel-vex", "name": "CVE-2025-66293", "description": "An out of bounds read vulnerability has been discovered in libpng. This vulnerability is in libpng's simplified API allows reading up to 1012 bytes beyond the png_sRGB_base[512] array when processing valid palette PNG images with partial transparency and gamma correction. The PNG files that trigger this vulnerability are valid per the PNG specification; the bug is in libpng's internal state management.", "issued": "2025-12-03T20:33:57Z", "links": "https://access.redhat.com/security/cve/CVE-2025-66293 https://bugzilla.redhat.com/show_bug.cgi?id=2418711 https://www.cve.org/CVERecord?id=CVE-2025-66293 https://nvd.nist.gov/vuln/detail/CVE-2025-66293 https://github.com/pnggroup/libpng/commit/788a624d7387a758ffd5c7ab010f1870dea753a1 https://github.com/pnggroup/libpng/commit/a05a48b756de63e3234ea6b3b938b8f5f862484a https://github.com/pnggroup/libpng/issues/764 https://github.com/pnggroup/libpng/security/advisories/GHSA-9mpm-9pxh-mg4f https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-66293.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "java-17-openjdk", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "7Puka2o1jq4jSr2Hekrfhg==": { "id": "7Puka2o1jq4jSr2Hekrfhg==", "updater": "rhel-vex", "name": "CVE-2026-1757", "description": "A flaw was identified in the interactive shell of the xmllint utility, part of the libxml2 project, where memory allocated for user input is not properly released under certain conditions. When a user submits input consisting only of whitespace, the program skips command execution but fails to free the allocated buffer. Repeating this action causes memory to continuously accumulate. Over time, this can exhaust system memory and terminate the xmllint process, creating a denial-of-service condition on the local system.", "issued": "2026-02-02T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-1757 https://bugzilla.redhat.com/show_bug.cgi?id=2435940 https://www.cve.org/CVERecord?id=CVE-2026-1757 https://nvd.nist.gov/vuln/detail/CVE-2026-1757 https://gitlab.gnome.org/GNOME/libxml2/-/issues/1009 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-1757.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libxml2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "7lnphmrb/VojuhlikpNO5w==": { "id": "7lnphmrb/VojuhlikpNO5w==", "updater": "rhel-vex", "name": "CVE-2026-24401", "description": "A flaw was found in Avahi, a system that enables devices to discover services on a local network. A remote attacker can exploit this vulnerability by sending a specially crafted mDNS (multicast Domain Name System) response containing a recursive CNAME (Canonical Name) record. This triggers an uncontrolled recursion within the avahi-daemon process, leading to stack exhaustion and causing the service to crash. This results in a denial of service (DoS) for affected systems.", "issued": "2026-01-24T01:25:02Z", "links": "https://access.redhat.com/security/cve/CVE-2026-24401 https://bugzilla.redhat.com/show_bug.cgi?id=2432534 https://www.cve.org/CVERecord?id=CVE-2026-24401 https://nvd.nist.gov/vuln/detail/CVE-2026-24401 https://github.com/avahi/avahi/commit/78eab31128479f06e30beb8c1cbf99dd921e2524 https://github.com/avahi/avahi/issues/501 https://github.com/avahi/avahi/security/advisories/GHSA-h4vp-5m8j-f6w3 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-24401.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "avahi", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "86unVXyTxdffdcXWZTYw5g==": { "id": "86unVXyTxdffdcXWZTYw5g==", "updater": "rhel-vex", "name": "CVE-2023-0465", "description": "A flaw was found in OpenSSL. Applications that use a non-default option when verifying certificates may be vulnerable to an attack from a malicious CA to circumvent certain checks. OpenSSL and other certificate policy checks silently ignore invalid certificate policies in leaf certificates that are skipped for that certificate. A malicious CA could use this to deliberately assert invalid certificate policies to circumvent policy checking on the certificate altogether. Policy processing is disabled by default but can be enabled by passing the `-policy' argument to the command line utilities or by calling the `X509_VERIFY_PARAM_set1_policies()' function.", "issued": "2023-03-28T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-0465 https://bugzilla.redhat.com/show_bug.cgi?id=2182561 https://www.cve.org/CVERecord?id=CVE-2023-0465 https://nvd.nist.gov/vuln/detail/CVE-2023-0465 https://www.openssl.org/news/secadv/20230328.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0465.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "8D3i4K1ylUr5dGk9imV9zA==": { "id": "8D3i4K1ylUr5dGk9imV9zA==", "updater": "rhel-vex", "name": "CVE-2025-69420", "description": "A flaw was found in OpenSSL. A type confusion vulnerability exists in the TimeStamp Response verification code, where an ASN1_TYPE union member is accessed without proper type validation. A remote attacker can exploit this by providing a malformed TimeStamp Response to an application that verifies timestamp responses. This can lead to an invalid or NULL pointer dereference, resulting in a Denial of Service (DoS) due to an application crash.", "issued": "2026-01-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-69420 https://bugzilla.redhat.com/show_bug.cgi?id=2430388 https://www.cve.org/CVERecord?id=CVE-2025-69420 https://nvd.nist.gov/vuln/detail/CVE-2025-69420 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-69420.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "8I2jFG8JRR+6+eqqYlXhAg==": { "id": "8I2jFG8JRR+6+eqqYlXhAg==", "updater": "rhel-vex", "name": "CVE-2018-20225", "description": "A vulnerability was found in python-pip due to a flaw in the --extra-index-url option, where it installs the version with the highest version number, even if the user intended to obtain a private package from a private index. Exploitation requires that the package does not already exist in the public index, allowing an attacker to place the package there with an arbitrary version number.", "issued": "2020-04-28T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2018-20225 https://bugzilla.redhat.com/show_bug.cgi?id=1835736 https://www.cve.org/CVERecord?id=CVE-2018-20225 https://nvd.nist.gov/vuln/detail/CVE-2018-20225 https://cowlicks.website/posts/arbitrary-code-execution-from-pips-extra-index-url.html https://security.access.redhat.com/data/csaf/v2/vex/2018/cve-2018-20225.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "python-pip", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "8KJb4x3mXgChaQULEsid2A==": { "id": "8KJb4x3mXgChaQULEsid2A==", "updater": "rhel-vex", "name": "CVE-2025-15224", "description": "A flaw was found in libcurl. When doing SSH-based transfers using either SCP or SFTP, and asked to do\npublic key authentication, curl would wrongly still ask and authenticate using\na locally running SSH agent.", "issued": "2026-01-07T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-15224 https://bugzilla.redhat.com/show_bug.cgi?id=2426410 https://www.cve.org/CVERecord?id=CVE-2025-15224 https://nvd.nist.gov/vuln/detail/CVE-2025-15224 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-15224.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "curl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "8Sec+JvKiQWGqYCOBdZhjg==": { "id": "8Sec+JvKiQWGqYCOBdZhjg==", "updater": "rhel-vex", "name": "CVE-2025-5918", "description": "A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.", "issued": "2025-05-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-5918 https://bugzilla.redhat.com/show_bug.cgi?id=2370877 https://www.cve.org/CVERecord?id=CVE-2025-5918 https://nvd.nist.gov/vuln/detail/CVE-2025-5918 https://github.com/libarchive/libarchive/pull/2584 https://github.com/libarchive/libarchive/releases/tag/v3.8.0 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-5918.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libarchive", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "8TgjbHNGzIFm7/fF9DBU7Q==": { "id": "8TgjbHNGzIFm7/fF9DBU7Q==", "updater": "rhel-vex", "name": "CVE-2026-34757", "description": "A flaw was found in libpng, a library used for handling PNG (Portable Network Graphics) image files. This vulnerability arises when an application reuses a pointer, previously obtained from functions like png_get_PLTE, by passing it back to a corresponding setter function within the same image structure. This action causes the setter to access memory that has already been deallocated, leading to a use-after-free condition. A local attacker could potentially exploit this flaw to corrupt image metadata or disclose sensitive information from the application's memory.", "issued": "2026-04-09T14:41:18Z", "links": "https://access.redhat.com/security/cve/CVE-2026-34757 https://bugzilla.redhat.com/show_bug.cgi?id=2456918 https://www.cve.org/CVERecord?id=CVE-2026-34757 https://nvd.nist.gov/vuln/detail/CVE-2026-34757 https://github.com/pnggroup/libpng/commit/398cbe3df03f4e11bb031e07f416dfdde3684e8a https://github.com/pnggroup/libpng/commit/55d20aaa322c9274491cda82c5cd4f99b48c6bcc https://github.com/pnggroup/libpng/issues/836 https://github.com/pnggroup/libpng/issues/837 https://github.com/pnggroup/libpng/security/advisories/GHSA-6fr7-g8h7-v645 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-34757.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "java-17-openjdk", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "8ZxbhBIT+9Mj99/XbMpLSQ==": { "id": "8ZxbhBIT+9Mj99/XbMpLSQ==", "updater": "rhel-vex", "name": "CVE-2024-0232", "description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", "issued": "2023-10-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-0232 https://bugzilla.redhat.com/show_bug.cgi?id=2243754 https://www.cve.org/CVERecord?id=CVE-2024-0232 https://nvd.nist.gov/vuln/detail/CVE-2024-0232 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-0232.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "sqlite", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "8qOJVWAut1+UqTXPOWH12g==": { "id": "8qOJVWAut1+UqTXPOWH12g==", "updater": "rhel-vex", "name": "CVE-2025-8291", "description": "A zip file handling flaw has been discovered in the python standard library `zipfile` module. The 'zipfile' module would not check the validity of the ZIP64 End of Central Directory (EOCD) Locator record offset value would not be used to locate the ZIP64 EOCD record, instead the ZIP64 EOCD record would be assumed to be the previous record in the ZIP archive. This could be abused to create ZIP archives that are handled differently by the 'zipfile' module compared to other ZIP implementations.", "issued": "2025-10-07T18:10:05Z", "links": "https://access.redhat.com/security/cve/CVE-2025-8291 https://bugzilla.redhat.com/show_bug.cgi?id=2402342 https://www.cve.org/CVERecord?id=CVE-2025-8291 https://nvd.nist.gov/vuln/detail/CVE-2025-8291 https://github.com/python/cpython/commit/162997bb70e067668c039700141770687bc8f267 https://github.com/python/cpython/commit/333d4a6f4967d3ace91492a39ededbcf3faa76a6 https://github.com/python/cpython/issues/139700 https://github.com/python/cpython/pull/139702 https://mail.python.org/archives/list/security-announce@python.org/thread/QECOPWMTH4VPPJAXAH2BGTA4XADOP62G/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-8291.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python3", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "8rvqTFlh9aOz4UvxQN0SBQ==": { "id": "8rvqTFlh9aOz4UvxQN0SBQ==", "updater": "rhel-vex", "name": "CVE-2026-3479", "description": "A flaw was found in Python's `pkgutil.get_data()` function, which is used to retrieve data from packages. This function did not properly validate the `resource` argument, allowing a local attacker to perform path traversal attacks. Path traversal enables an attacker to access files and directories stored outside the intended root directory, potentially leading to information disclosure or unintended file access.", "issued": "2026-03-18T18:13:42Z", "links": "https://access.redhat.com/security/cve/CVE-2026-3479 https://bugzilla.redhat.com/show_bug.cgi?id=2448746 https://www.cve.org/CVERecord?id=CVE-2026-3479 https://nvd.nist.gov/vuln/detail/CVE-2026-3479 https://github.com/python/cpython/issues/146121 https://github.com/python/cpython/pull/146122 https://mail.python.org/archives/list/security-announce@python.org/thread/WYLLVQOOCKGK73JM7Z7ZSNOJC4N7BAWY/ https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-3479.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "python3", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "8rxYDEPu2XxazQ3cBUhX0Q==": { "id": "8rxYDEPu2XxazQ3cBUhX0Q==", "updater": "rhel-vex", "name": "CVE-2019-9923", "description": "pax_decode_header in sparse.c in GNU Tar before 1.32 had a NULL pointer dereference when parsing certain archives that have malformed extended headers.", "issued": "2019-01-02T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2019-9923 https://bugzilla.redhat.com/show_bug.cgi?id=1691764 https://www.cve.org/CVERecord?id=CVE-2019-9923 https://nvd.nist.gov/vuln/detail/CVE-2019-9923 https://security.access.redhat.com/data/csaf/v2/vex/2019/cve-2019-9923.json", "severity": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "tar", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "92KuvWwbPhsQNPu0knrHAQ==": { "id": "92KuvWwbPhsQNPu0knrHAQ==", "updater": "rhel-vex", "name": "CVE-2025-6170", "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", "issued": "2025-06-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-6170 https://bugzilla.redhat.com/show_bug.cgi?id=2372952 https://www.cve.org/CVERecord?id=CVE-2025-6170 https://nvd.nist.gov/vuln/detail/CVE-2025-6170 https://gitlab.gnome.org/GNOME/libxml2/-/issues/941 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-6170.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libxml2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "97PwDrD8knMveLXwKCvQjA==": { "id": "97PwDrD8knMveLXwKCvQjA==", "updater": "rhel-vex", "name": "CVE-2026-22795", "description": "A flaw was found in OpenSSL. This type confusion vulnerability allows a remote attacker to cause a Denial of Service (DoS) by tricking a user or application into processing a maliciously crafted PKCS#12 (Personal Information Exchange Syntax Standard) file. The vulnerability leads to an invalid or NULL pointer dereference, resulting in an application crash.", "issued": "2026-01-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-22795 https://bugzilla.redhat.com/show_bug.cgi?id=2430389 https://www.cve.org/CVERecord?id=CVE-2026-22795 https://nvd.nist.gov/vuln/detail/CVE-2026-22795 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-22795.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "9ZCmRufeuC0TKSSi9pcU6g==": { "id": "9ZCmRufeuC0TKSSi9pcU6g==", "updater": "rhel-vex", "name": "CVE-2026-41079", "description": "A flaw was found in CUPS. A network-adjacent attacker can send a specially crafted Simple Network Management Protocol (SNMP) response to the CUPS SNMP backend, leading to an out-of-bounds read. This vulnerability allows for the disclosure of up to 176 bytes of sensitive memory, which is then converted and stored as printer supply description strings. Authenticated users can subsequently view this leaked information through IPP Get-Printer-Attributes responses and the CUPS web interface.", "issued": "2026-04-24T16:54:38Z", "links": "https://access.redhat.com/security/cve/CVE-2026-41079 https://bugzilla.redhat.com/show_bug.cgi?id=2461611 https://www.cve.org/CVERecord?id=CVE-2026-41079 https://nvd.nist.gov/vuln/detail/CVE-2026-41079 https://github.com/OpenPrinting/cups/commit/b7c2525a885f528d243c3a92197ca99609b3f080 https://github.com/OpenPrinting/cups/commit/d7fe0f521ff3b24676511e747b058362b9a20737 https://github.com/OpenPrinting/cups/security/advisories/GHSA-6wpw-g8g6-wvrv https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-41079.json", "severity": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "cups", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "9jHXNtwzqlOir/Op7pd9+w==": { "id": "9jHXNtwzqlOir/Op7pd9+w==", "updater": "rhel-vex", "name": "CVE-2025-68276", "description": "A flaw was found in Avahi, a system that facilitates service discovery on a local network. An unprivileged local user can exploit this vulnerability by creating record browsers with the AVAHI_LOOKUP_USE_WIDE_AREA flag set via D-Bus. This can lead to a Denial of Service (DoS) by crashing the avahi-daemon, making the service unavailable.", "issued": "2026-01-12T17:31:49Z", "links": "https://access.redhat.com/security/cve/CVE-2025-68276 https://bugzilla.redhat.com/show_bug.cgi?id=2428713 https://www.cve.org/CVERecord?id=CVE-2025-68276 https://nvd.nist.gov/vuln/detail/CVE-2025-68276 https://github.com/avahi/avahi/commit/ede7048475c5d47d53890e3bc1350dda8e0b3688 https://github.com/avahi/avahi/pull/806 https://github.com/avahi/avahi/security/advisories/GHSA-mhf3-865v-g5rc https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-68276.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "avahi", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "9oBjtBiHtz7+Hwc4swPaAw==": { "id": "9oBjtBiHtz7+Hwc4swPaAw==", "updater": "rhel-vex", "name": "CVE-2026-34979", "description": "A flaw was found in OpenPrinting CUPS. A remote attacker could exploit a heap-based buffer overflow by sending specially crafted job attributes when building filter option strings. This could lead to a denial of service, making the printing system unavailable.", "issued": "2026-04-03T21:16:38Z", "links": "https://access.redhat.com/security/cve/CVE-2026-34979 https://bugzilla.redhat.com/show_bug.cgi?id=2454946 https://www.cve.org/CVERecord?id=CVE-2026-34979 https://nvd.nist.gov/vuln/detail/CVE-2026-34979 https://github.com/OpenPrinting/cups/security/advisories/GHSA-6qxf-7jx6-86fh https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-34979.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "cups", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "9uK7ZDYgFtqP786n0QunAg==": { "id": "9uK7ZDYgFtqP786n0QunAg==", "updater": "rhel-vex", "name": "CVE-2023-39804", "description": "A flaw was found in tar. This issue occurs when extended attributes are processed in PAX archives, and could allow an attacker to cause an application crash, resulting in a denial of service.", "issued": "2023-12-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-39804 https://bugzilla.redhat.com/show_bug.cgi?id=2254067 https://www.cve.org/CVERecord?id=CVE-2023-39804 https://nvd.nist.gov/vuln/detail/CVE-2023-39804 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-39804.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "tar", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "9zRC9UwUH2bQs1UcHQ5UTQ==": { "id": "9zRC9UwUH2bQs1UcHQ5UTQ==", "updater": "rhel-vex", "name": "CVE-2019-9937", "description": "In SQLite 3.27.2, interleaving reads and writes in a single transaction with an fts5 virtual table will lead to a NULL Pointer Dereference in fts5ChunkIterate in sqlite3.c. This is related to ext/fts5/fts5_hash.c and ext/fts5/fts5_index.c.", "issued": "2019-03-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2019-9937 https://bugzilla.redhat.com/show_bug.cgi?id=1692357 https://www.cve.org/CVERecord?id=CVE-2019-9937 https://nvd.nist.gov/vuln/detail/CVE-2019-9937 https://security.access.redhat.com/data/csaf/v2/vex/2019/cve-2019-9937.json", "severity": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "sqlite", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "A1UDSDMkPKOSx7ma/geQyg==": { "id": "A1UDSDMkPKOSx7ma/geQyg==", "updater": "rhel-vex", "name": "CVE-2025-68468", "description": "A flaw was found in Avahi. A remote attacker can cause a Denial of Service (DoS) by sending specially crafted unsolicited announcements containing CNAME resource records. These records, when pointing to other resource records with short Time-To-Live (TTL) values, can lead to the `avahi-daemon` crashing once they expire. This vulnerability impacts the availability of services relying on Avahi's service discovery.", "issued": "2026-01-12T17:38:10Z", "links": "https://access.redhat.com/security/cve/CVE-2025-68468 https://bugzilla.redhat.com/show_bug.cgi?id=2428714 https://www.cve.org/CVERecord?id=CVE-2025-68468 https://nvd.nist.gov/vuln/detail/CVE-2025-68468 https://github.com/avahi/avahi/commit/f66be13d7f31a3ef806d226bf8b67240179d309a https://github.com/avahi/avahi/issues/683 https://github.com/avahi/avahi/security/advisories/GHSA-cp79-r4x9-vf52 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-68468.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "avahi", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "AE8Cp1u8I9t52OYW7oGU4w==": { "id": "AE8Cp1u8I9t52OYW7oGU4w==", "updater": "rhel-vex", "name": "CVE-2024-57970", "description": "A flaw was found in the libarchive library. A specially-crafted tar file may trigger a head-based buffer over-read condition due to incorrect handling of truncation in the middle of a long GNU linkname. This issue can cause an application crash leading to a denial of service.", "issued": "2025-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-57970 https://bugzilla.redhat.com/show_bug.cgi?id=2345954 https://www.cve.org/CVERecord?id=CVE-2024-57970 https://nvd.nist.gov/vuln/detail/CVE-2024-57970 https://github.com/libarchive/libarchive/issues/2415 https://github.com/libarchive/libarchive/pull/2422 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-57970.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "libarchive", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "AZQ9MHTiNLYiRU7sYZlVGw==": { "id": "AZQ9MHTiNLYiRU7sYZlVGw==", "updater": "rhel-vex", "name": "CVE-2022-4899", "description": "A vulnerability was found in zstd. This flaw allows an attacker to supply an empty string as an argument to the command line tool to cause a buffer overrun.", "issued": "2022-07-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-4899 https://bugzilla.redhat.com/show_bug.cgi?id=2179864 https://www.cve.org/CVERecord?id=CVE-2022-4899 https://nvd.nist.gov/vuln/detail/CVE-2022-4899 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-4899.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "zstd", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "B5eXEM8SeidgdpzXoFJFGQ==": { "id": "B5eXEM8SeidgdpzXoFJFGQ==", "updater": "rhel-vex", "name": "CVE-2026-33636", "description": "A flaw was found in libpng. A remote attacker could exploit an out-of-bounds read and write vulnerability in the ARM/AArch64 Neon-optimized palette expansion path. This occurs when processing a final partial chunk of 8-bit paletted rows without verifying sufficient input pixels, leading to dereferencing pointers before the start of the row buffer and writing expanded pixel data to underflowed positions. This flaw can result in information disclosure and denial of service.", "issued": "2026-03-26T16:51:58Z", "links": "https://access.redhat.com/security/cve/CVE-2026-33636 https://bugzilla.redhat.com/show_bug.cgi?id=2451819 https://www.cve.org/CVERecord?id=CVE-2026-33636 https://nvd.nist.gov/vuln/detail/CVE-2026-33636 https://github.com/pnggroup/libpng/commit/7734cda20cf1236aef60f3bbd2267c97bbb40869 https://github.com/pnggroup/libpng/commit/aba9f18eba870d14fb52c5ba5d73451349e339c3 https://github.com/pnggroup/libpng/security/advisories/GHSA-wjr5-c57x-95m2 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-33636.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "java-17-openjdk", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "BV++s35Ur4bQRS6HK0QCIA==": { "id": "BV++s35Ur4bQRS6HK0QCIA==", "updater": "rhel-vex", "name": "CVE-2026-31789", "description": "A flaw was found in OpenSSL. This vulnerability, a heap buffer overflow, affects 32-bit systems when processing an unusually large X.509 certificate. If an application or service attempts to print or log such a specially crafted certificate, it could lead to a system crash or potentially allow an attacker to execute arbitrary code. This issue is considered low severity due to the specific conditions required for exploitation, including the need for an extremely large certificate and a 32-bit operating environment.", "issued": "2026-04-07T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-31789 https://bugzilla.redhat.com/show_bug.cgi?id=2451095 https://www.cve.org/CVERecord?id=CVE-2026-31789 https://nvd.nist.gov/vuln/detail/CVE-2026-31789 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-31789.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "Bgew407C4GMDdNe8dNeN7w==": { "id": "Bgew407C4GMDdNe8dNeN7w==", "updater": "rhel-vex", "name": "CVE-2024-52615", "description": "A flaw was found in Avahi-daemon, which relies on fixed source ports for wide-area DNS queries. This issue simplifies attacks where malicious DNS responses are injected.", "issued": "2024-11-15T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-52615 https://bugzilla.redhat.com/show_bug.cgi?id=2326418 https://www.cve.org/CVERecord?id=CVE-2024-52615 https://nvd.nist.gov/vuln/detail/CVE-2024-52615 https://github.com/avahi/avahi/pull/577 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-52615.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "avahi", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "BooDzA4nzaDI1l3E5zAHgg==": { "id": "BooDzA4nzaDI1l3E5zAHgg==", "updater": "rhel-vex", "name": "CVE-2021-3997", "description": "A flaw was found in systemd. An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.", "issued": "2022-01-10T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-3997 https://bugzilla.redhat.com/show_bug.cgi?id=2024639 https://www.cve.org/CVERecord?id=CVE-2021-3997 https://nvd.nist.gov/vuln/detail/CVE-2021-3997 https://www.openwall.com/lists/oss-security/2022/01/10/2 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-3997.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "systemd", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "Cz+nwSXEXv91W0XvZNqCqw==": { "id": "Cz+nwSXEXv91W0XvZNqCqw==", "updater": "rhel-vex", "name": "CVE-2026-5435", "description": "A flaw was found in glibc, the GNU C Library. Specifically, deprecated functions responsible for printing TSIG (Transaction Signature) records fail to properly manage memory buffers. This oversight can lead to an out-of-bounds write when processing specially crafted TSIG records. An attacker could exploit this to cause a denial of service or potentially execute arbitrary code.", "issued": "2026-04-28T11:58:54Z", "links": "https://access.redhat.com/security/cve/CVE-2026-5435 https://bugzilla.redhat.com/show_bug.cgi?id=2463465 https://www.cve.org/CVERecord?id=CVE-2026-5435 https://nvd.nist.gov/vuln/detail/CVE-2026-5435 https://inbox.sourceware.org/libc-announce/7a655d55-276f-41fe-b550-feb3ebb2ce91@redhat.com/T/#u https://sourceware.org/bugzilla/show_bug.cgi?id=34033 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-5435.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "DDWmqlxBSfXi2KJJ5mwTNg==": { "id": "DDWmqlxBSfXi2KJJ5mwTNg==", "updater": "rhel-vex", "name": "CVE-2025-60753", "description": "A vulnerability in apply_substitution() function in libarchive's bsdtar allows crafted -s substitution rules to repeatedly match a zero-length substring and append replacements without advancing the input pointer. When the rule uses the global /g flag (or an explicitly empty pattern), this leads to unbounded output allocation and eventual process OOM (Denial of Service). Upgrade to libarchive 3.8.1 or apply a patch that prevents zero-length match loops or rejects empty patterns.", "issued": "2025-11-05T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-60753 https://bugzilla.redhat.com/show_bug.cgi?id=2412648 https://www.cve.org/CVERecord?id=CVE-2025-60753 https://nvd.nist.gov/vuln/detail/CVE-2025-60753 https://github.com/Papya-j/CVE/tree/main/CVE-2025-60753 https://github.com/libarchive/libarchive/issues/2725 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-60753.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libarchive", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "EKs36DFwHVCzU/cF0Be9pQ==": { "id": "EKs36DFwHVCzU/cF0Be9pQ==", "updater": "rhel-vex", "name": "CVE-2023-29499", "description": "A flaw was found in GLib. GVariant deserialization fails to validate that the input conforms to the expected format, leading to denial of service.", "issued": "2022-12-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-29499 https://bugzilla.redhat.com/show_bug.cgi?id=2211828 https://www.cve.org/CVERecord?id=CVE-2023-29499 https://nvd.nist.gov/vuln/detail/CVE-2023-29499 https://gitlab.gnome.org/GNOME/glib/-/issues/2794 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-29499.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "glib2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "EQ4eP3gKo3y8JsWUiWr6+g==": { "id": "EQ4eP3gKo3y8JsWUiWr6+g==", "updater": "rhel-vex", "name": "CVE-2018-1000880", "description": "libarchive version commit 9693801580c0cf7c70e862d305270a16b52826a7 onwards (release v3.2.0 onwards) contains a CWE-20: Improper Input Validation vulnerability in WARC parser - libarchive/archive_read_support_format_warc.c, _warc_read() that can result in DoS - quasi-infinite run time and disk usage from tiny file. This attack appear to be exploitable via the victim must open a specially crafted WARC file.", "issued": "2018-11-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2018-1000880 https://bugzilla.redhat.com/show_bug.cgi?id=1663892 https://www.cve.org/CVERecord?id=CVE-2018-1000880 https://nvd.nist.gov/vuln/detail/CVE-2018-1000880 https://security.access.redhat.com/data/csaf/v2/vex/2018/cve-2018-1000880.json", "severity": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libarchive", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "EiJx6rOT8KoLX+Wu7/N6HQ==": { "id": "EiJx6rOT8KoLX+Wu7/N6HQ==", "updater": "rhel-vex", "name": "CVE-2025-27113", "description": "A flaw was found in libxml2. This vulnerability allows a NULL pointer dereference, leading to a potential crash or denial of service via a crafted XML pattern.", "issued": "2025-02-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-27113 https://bugzilla.redhat.com/show_bug.cgi?id=2346410 https://www.cve.org/CVERecord?id=CVE-2025-27113 https://nvd.nist.gov/vuln/detail/CVE-2025-27113 https://gitlab.gnome.org/GNOME/libxml2/-/issues/861 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-27113.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libxml2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "EiL50P2QSOoRA18XAAH6Pg==": { "id": "EiL50P2QSOoRA18XAAH6Pg==", "updater": "rhel-vex", "name": "CVE-2023-32665", "description": "A flaw was found in GLib. GVariant deserialization is vulnerable to an exponential blowup issue where a crafted GVariant can cause excessive processing, leading to denial of service.", "issued": "2022-12-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-32665 https://bugzilla.redhat.com/show_bug.cgi?id=2211827 https://www.cve.org/CVERecord?id=CVE-2023-32665 https://nvd.nist.gov/vuln/detail/CVE-2023-32665 https://gitlab.gnome.org/GNOME/glib/-/issues/2121 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-32665.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "glib2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "ElIjMFAz33tt/XVMysRkdA==": { "id": "ElIjMFAz33tt/XVMysRkdA==", "updater": "rhel-vex", "name": "CVE-2026-0988", "description": "A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. This can cause application crashes, leading to a Denial of Service (DoS).", "issued": "2026-01-15T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-0988 https://bugzilla.redhat.com/show_bug.cgi?id=2429886 https://www.cve.org/CVERecord?id=CVE-2026-0988 https://nvd.nist.gov/vuln/detail/CVE-2026-0988 https://gitlab.gnome.org/GNOME/glib/-/issues/3851 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-0988.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "glib2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "Elb2DrZLO9/IaIc7rSPVUg==": { "id": "Elb2DrZLO9/IaIc7rSPVUg==", "updater": "rhel-vex", "name": "CVE-2026-40355", "description": "A flaw was found in MIT Kerberos 5 (krb5). An unauthenticated remote attacker can exploit a NULL pointer dereference vulnerability by calling `gss_accept_sec_context()` on a system with a NegoEx mechanism registered. This can lead to the termination of the process, resulting in a Denial of Service (DoS).", "issued": "2026-04-28T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-40355 https://bugzilla.redhat.com/show_bug.cgi?id=2463370 https://www.cve.org/CVERecord?id=CVE-2026-40355 https://nvd.nist.gov/vuln/detail/CVE-2026-40355 https://cems.fun/2026/04/27/krb5-two-unauthenticated-network-vulnerabilities.html https://github.com/krb5/krb5/commit/2e75f0d9362fb979f5fc92829431a590a130929f https://web.mit.edu/kerberos/advisories/ https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-40355.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "krb5", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "FkRDB0vpJYeh2ipqLS0/Iw==": { "id": "FkRDB0vpJYeh2ipqLS0/Iw==", "updater": "rhel-vex", "name": "CVE-2025-28164", "description": "A flaw was found in libpng. This buffer overflow vulnerability allows a local attacker to cause a denial of service (DoS) by exploiting the `png_create_read_struct()` function. This can lead to the affected system becoming unresponsive or crashing.", "issued": "2026-01-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-28164 https://bugzilla.redhat.com/show_bug.cgi?id=2433398 https://www.cve.org/CVERecord?id=CVE-2025-28164 https://nvd.nist.gov/vuln/detail/CVE-2025-28164 https://gist.github.com/kittener/506516f8c22178005b4379c8b2a7de20 https://github.com/pnggroup/libpng/issues/655 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-28164.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "java-17-openjdk", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "Fp999hDC/lucBsNHwOlp/A==": { "id": "Fp999hDC/lucBsNHwOlp/A==", "updater": "rhel-vex", "name": "CVE-2024-13176", "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.", "issued": "2025-01-20T13:29:57Z", "links": "https://access.redhat.com/security/cve/CVE-2024-13176 https://bugzilla.redhat.com/show_bug.cgi?id=2338999 https://www.cve.org/CVERecord?id=CVE-2024-13176 https://nvd.nist.gov/vuln/detail/CVE-2024-13176 https://www.oracle.com/security-alerts/cpuapr2025.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-13176.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "G7IyfoPhe9f8QzIGbOfn7Q==": { "id": "G7IyfoPhe9f8QzIGbOfn7Q==", "updater": "rhel-vex", "name": "CVE-2023-45322", "description": "A flaw was found in libxml2. In an out-of-memory condition or when limiting the memory allocation, processing a XML document using the HTML parser may result in a use-after-free vulnerability.", "issued": "2023-08-23T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-45322 https://bugzilla.redhat.com/show_bug.cgi?id=2242945 https://www.cve.org/CVERecord?id=CVE-2023-45322 https://nvd.nist.gov/vuln/detail/CVE-2023-45322 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45322.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "libxml2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "H2CablNBrQ/I5AsUjk5xyw==": { "id": "H2CablNBrQ/I5AsUjk5xyw==", "updater": "rhel-vex", "name": "CVE-2018-20839", "description": "systemd 242 changes the VT1 mode upon a logout, which allows attackers to read cleartext passwords in certain circumstances, such as watching a shutdown, or using Ctrl-Alt-F1 and Ctrl-Alt-F2. This occurs because the KDGKBMODE (aka current keyboard mode) check is mishandled.", "issued": "2019-05-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2018-20839 https://bugzilla.redhat.com/show_bug.cgi?id=1716955 https://www.cve.org/CVERecord?id=CVE-2018-20839 https://nvd.nist.gov/vuln/detail/CVE-2018-20839 https://security.access.redhat.com/data/csaf/v2/vex/2018/cve-2018-20839.json", "severity": "CVSS:3.0/AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "systemd", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "H9Ud41wofJc/QlL6Rm7WkA==": { "id": "H9Ud41wofJc/QlL6Rm7WkA==", "updater": "rhel-vex", "name": "CVE-2026-0968", "description": "A flaw was found in libssh in which a malicious SFTP (SSH File Transfer Protocol) server can exploit this by sending a malformed 'longname' field within an `SSH_FXP_NAME` message during a file listing operation. This missing null check can lead to reading beyond allocated memory on the heap. This can cause unexpected behavior or lead to a denial of service (DoS) due to application crashes.", "issued": "2026-02-10T18:46:58Z", "links": "https://access.redhat.com/security/cve/CVE-2026-0968 https://bugzilla.redhat.com/show_bug.cgi?id=2436982 https://www.cve.org/CVERecord?id=CVE-2026-0968 https://nvd.nist.gov/vuln/detail/CVE-2026-0968 https://www.libssh.org/2026/02/10/libssh-0-12-0-and-0-11-4-security-releases/ https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-0968.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libssh", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "HB9r/GLycEmk6aXttwtBlw==": { "id": "HB9r/GLycEmk6aXttwtBlw==", "updater": "rhel-vex", "name": "CVE-2025-11468", "description": "Missing character filtering has been discovered in Python. When folding a long comment in an email header containing exclusively unfoldable characters, the parenthesis would not be preserved. This could be used for injecting headers into email messages where addresses are user-controlled and not sanitized.", "issued": "2026-01-20T21:09:11Z", "links": "https://access.redhat.com/security/cve/CVE-2025-11468 https://bugzilla.redhat.com/show_bug.cgi?id=2431375 https://www.cve.org/CVERecord?id=CVE-2025-11468 https://nvd.nist.gov/vuln/detail/CVE-2025-11468 https://github.com/python/cpython/issues/143935 https://github.com/python/cpython/pull/143936 https://mail.python.org/archives/list/security-announce@python.org/thread/FELSEOLBI2QR6YLG6Q7VYF7FWSGQTKLI/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-11468.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python3", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "HKrLnQyTw1292mNt3MQ0aQ==": { "id": "HKrLnQyTw1292mNt3MQ0aQ==", "updater": "rhel-vex", "name": "CVE-2024-7592", "description": "A flaw was found in the `http.cookies` module in the Python package. When parsing cookies that contain backslashes, under certain circumstances, the module uses an algorithm with quadratic complexity, leading to excessive CPU consumption.", "issued": "2024-08-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-7592 https://bugzilla.redhat.com/show_bug.cgi?id=2305879 https://www.cve.org/CVERecord?id=CVE-2024-7592 https://nvd.nist.gov/vuln/detail/CVE-2024-7592 https://github.com/python/cpython/issues/123067 https://github.com/python/cpython/pull/123075 https://mail.python.org/archives/list/security-announce@python.org/thread/HXJAAAALNUNGCQUS2W7WR6GFIZIHFOOK/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7592.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "python3", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "HNpGGr9eP5twQKC3yCh1mA==": { "id": "HNpGGr9eP5twQKC3yCh1mA==", "updater": "rhel-vex", "name": "CVE-2025-5915", "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", "issued": "2025-05-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-5915 https://bugzilla.redhat.com/show_bug.cgi?id=2370865 https://www.cve.org/CVERecord?id=CVE-2025-5915 https://nvd.nist.gov/vuln/detail/CVE-2025-5915 https://github.com/libarchive/libarchive/pull/2599 https://github.com/libarchive/libarchive/releases/tag/v3.8.0 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-5915.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "libarchive", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "HTk+AAyRWNCrZTtBLx34Aw==": { "id": "HTk+AAyRWNCrZTtBLx34Aw==", "updater": "rhel-vex", "name": "CVE-2024-25260", "description": "A NULL pointer dereference vulnerability in the elfutils library has been discovered. This vulnerability occurs within the handle_verdef() function in the readelf.c source file. A NULL pointer dereference typically happens when a program attempts to access memory using a pointer that is not pointing anywhere (i.e., it's NULL), leading to a crash or potentially exploitable behavior.", "issued": "2024-02-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-25260 https://bugzilla.redhat.com/show_bug.cgi?id=2265194 https://www.cve.org/CVERecord?id=CVE-2024-25260 https://nvd.nist.gov/vuln/detail/CVE-2024-25260 https://github.com/schsiung/fuzzer_issues/issues/1 https://sourceware.org/bugzilla/show_bug.cgi?id=31058 https://sourceware.org/elfutils/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-25260.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "elfutils", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "HdAyLUATPStr/HXiy9fgQw==": { "id": "HdAyLUATPStr/HXiy9fgQw==", "updater": "rhel-vex", "name": "CVE-2026-0990", "description": "A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI function when an XML catalog contains a delegate URI entry that references itself. A remote attacker could exploit this configuration-dependent issue by providing a specially crafted XML catalog, leading to infinite recursion and call stack exhaustion. This ultimately results in a segmentation fault, causing a Denial of Service (DoS) by crashing affected applications.", "issued": "2026-01-15T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-0990 https://bugzilla.redhat.com/show_bug.cgi?id=2429959 https://www.cve.org/CVERecord?id=CVE-2026-0990 https://nvd.nist.gov/vuln/detail/CVE-2026-0990 https://gitlab.gnome.org/GNOME/libxml2/-/issues/1018 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-0990.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libxml2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "HuLJLN6ajygY/CpLyzV5lw==": { "id": "HuLJLN6ajygY/CpLyzV5lw==", "updater": "rhel-vex", "name": "CVE-2023-45803", "description": "A flaw was found in urllib3, an HTTP client library for Python. urllib3 doesn't remove the HTTP request body when an HTTP redirect response using status 301, 302, or 303, after changing the method in a request from one that could accept a request body such as `POST` to `GET`, as is required by HTTP RFCs. This issue requires a previously trusted service to become compromised in order to have an impact on confidentiality, therefore, the exploitability of this vulnerability is low. Additionally, many users aren't putting sensitive data in HTTP request bodies; if this is the case, this vulnerability isn't exploitable.", "issued": "2023-10-13T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-45803 https://bugzilla.redhat.com/show_bug.cgi?id=2246840 https://www.cve.org/CVERecord?id=CVE-2023-45803 https://nvd.nist.gov/vuln/detail/CVE-2023-45803 https://github.com/urllib3/urllib3/commit/4e98d57809dacab1cbe625fddeec1a290c478ea9 https://github.com/urllib3/urllib3/security/advisories/GHSA-g4mx-q9vg-27p4 https://www.rfc-editor.org/rfc/rfc9110.html#name-get https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45803.json", "severity": "CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python-pip", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "HuOxI+pWjgGV0XsBvltzlg==": { "id": "HuOxI+pWjgGV0XsBvltzlg==", "updater": "rhel-vex", "name": "CVE-2020-19187", "description": "A flaw was found in the ncurses library. This issue occurs when processing a crafted terminfo database, causing a heap-based buffer overflow, resulting in an application crash, leading to a denial of service.", "issued": "2019-05-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2020-19187 https://bugzilla.redhat.com/show_bug.cgi?id=2234911 https://www.cve.org/CVERecord?id=CVE-2020-19187 https://nvd.nist.gov/vuln/detail/CVE-2020-19187 https://security.access.redhat.com/data/csaf/v2/vex/2020/cve-2020-19187.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "ncurses", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "I31WPu2ZGWOsqloSJfE2Fg==": { "id": "I31WPu2ZGWOsqloSJfE2Fg==", "updater": "rhel-vex", "name": "CVE-2026-25646", "description": "A heap based buffer overflow flaw has been discovered in LibPNG. Prior to version 1.6.55, an out-of-bounds read vulnerability exists in the png_set_quantize() API function. When the function is called with no histogram and the number of colors in the palette is more than twice the maximum supported by the user's display, certain palettes will cause the function to enter into an infinite loop that reads past the end of an internal heap-allocated buffer. The images that trigger this vulnerability are valid per the PNG specification.", "issued": "2026-02-10T17:04:38Z", "links": "https://access.redhat.com/security/cve/CVE-2026-25646 https://bugzilla.redhat.com/show_bug.cgi?id=2438542 https://www.cve.org/CVERecord?id=CVE-2026-25646 https://nvd.nist.gov/vuln/detail/CVE-2026-25646 http://www.openwall.com/lists/oss-security/2026/02/09/7 https://github.com/pnggroup/libpng/commit/01d03b8453eb30ade759cd45c707e5a1c7277d88 https://github.com/pnggroup/libpng/security/advisories/GHSA-g8hp-mq4h-rqm3 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-25646.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H", "normalized_severity": "High", "package": { "id": "", "name": "java-17-openjdk", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "IItHEdPWz5fl9O7ZhzjDAA==": { "id": "IItHEdPWz5fl9O7ZhzjDAA==", "updater": "rhel-vex", "name": "CVE-2026-0672", "description": "An injection flaw has been discovered in Python. When using http.cookies.Morsel, user-controlled cookie values and parameters can allow injecting HTTP headers into messages. Patch rejects all control characters within cookie names, values, and parameters.", "issued": "2026-01-20T21:52:33Z", "links": "https://access.redhat.com/security/cve/CVE-2026-0672 https://bugzilla.redhat.com/show_bug.cgi?id=2431374 https://www.cve.org/CVERecord?id=CVE-2026-0672 https://nvd.nist.gov/vuln/detail/CVE-2026-0672 https://github.com/python/cpython/issues/143919 https://github.com/python/cpython/pull/143920 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-0672.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python3", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "J5qRb3W5uqqCGngAp6UZrg==": { "id": "J5qRb3W5uqqCGngAp6UZrg==", "updater": "rhel-vex", "name": "CVE-2026-5450", "description": "A flaw was found in glibc (GNU C Library). This vulnerability occurs when an application uses the `scanf` family of functions with a `%mc` format specifier, which is used for dynamically allocating memory for character input, and provides an explicit width greater than 1024. This specific combination can lead to a one-byte heap buffer overflow, potentially allowing an attacker to corrupt memory.", "issued": "2026-04-20T20:55:41Z", "links": "https://access.redhat.com/security/cve/CVE-2026-5450 https://bugzilla.redhat.com/show_bug.cgi?id=2459853 https://www.cve.org/CVERecord?id=CVE-2026-5450 https://nvd.nist.gov/vuln/detail/CVE-2026-5450 https://inbox.sourceware.org/libc-announce/b11f0003-6ec1-4bd6-b9de-9e38a4efeca3@redhat.com/T/#u https://nvd.nist.gov/vuln/detail/CVE-2026-5450#range-21286997 https://sourceware.org/bugzilla/show_bug.cgi?id=CVE-2026-5450 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-5450.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "K3eafQ/8P8PEZ3BPWZfCgg==": { "id": "K3eafQ/8P8PEZ3BPWZfCgg==", "updater": "rhel-vex", "name": "CVE-2026-27447", "description": "A flaw was found in OpenPrinting CUPS. This authorization bypass vulnerability allows an unprivileged user to gain unauthorized access to restricted operations. This can be exploited by using a username that differs only in case from an authorized user during authorization checks.", "issued": "2026-04-03T21:11:59Z", "links": "https://access.redhat.com/security/cve/CVE-2026-27447 https://bugzilla.redhat.com/show_bug.cgi?id=2454949 https://www.cve.org/CVERecord?id=CVE-2026-27447 https://nvd.nist.gov/vuln/detail/CVE-2026-27447 https://github.com/OpenPrinting/cups/commit/88516bf6d9e34cef7a64a704b856b837f70cd220 https://github.com/OpenPrinting/cups/security/advisories/GHSA-v987-m8hp-phj9 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-27447.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "cups", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "KCgCqCavM9U0xL+GHJqzSg==": { "id": "KCgCqCavM9U0xL+GHJqzSg==", "updater": "rhel-vex", "name": "CVE-2026-0964", "description": "A malicious SCP server can send unexpected paths that could make the\nclient application override local files outside of working directory.\nThis could be misused to create malicious executable or configuration\nfiles and make the user execute them under specific consequences.\n\nThis is the same issue as in OpenSSH, tracked as CVE-2019-6111.", "issued": "2026-02-10T18:44:42Z", "links": "https://access.redhat.com/security/cve/CVE-2026-0964 https://bugzilla.redhat.com/show_bug.cgi?id=2436979 https://www.cve.org/CVERecord?id=CVE-2026-0964 https://nvd.nist.gov/vuln/detail/CVE-2026-0964 https://www.libssh.org/2026/02/10/libssh-0-12-0-and-0-11-4-security-releases/ https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-0964.json", "severity": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "libssh", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "KExChYIaW0MvXNLWbjS/Hw==": { "id": "KExChYIaW0MvXNLWbjS/Hw==", "updater": "rhel-vex", "name": "CVE-2026-41080", "description": "A flaw was found in libexpat. A remote attacker could exploit this vulnerability by providing a specially crafted XML document that leverages insufficient entropy in the hash function. This can lead to hash flooding, a type of Denial of Service (DoS) attack, where the system becomes unresponsive or crashes due to excessive resource consumption.", "issued": "2026-04-16T16:52:01Z", "links": "https://access.redhat.com/security/cve/CVE-2026-41080 https://bugzilla.redhat.com/show_bug.cgi?id=2458967 https://www.cve.org/CVERecord?id=CVE-2026-41080 https://nvd.nist.gov/vuln/detail/CVE-2026-41080 https://github.com/libexpat/libexpat/issues/47 https://github.com/libexpat/libexpat/pull/1183 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-41080.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "expat", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "KaROgE0QmtiOixMG9Wi1RA==": { "id": "KaROgE0QmtiOixMG9Wi1RA==", "updater": "rhel-vex", "name": "CVE-2023-32636", "description": "A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499.", "issued": "2022-12-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-32636 https://bugzilla.redhat.com/show_bug.cgi?id=2211833 https://www.cve.org/CVERecord?id=CVE-2023-32636 https://nvd.nist.gov/vuln/detail/CVE-2023-32636 https://discourse.gnome.org/t/multiple-fixes-for-gvariant-normalisation-issues-in-glib/12835 https://gitlab.gnome.org/GNOME/glib/-/issues/2841 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-32636.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "glib2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "L3k0cIIlkMGQFiWnZm8Mlg==": { "id": "L3k0cIIlkMGQFiWnZm8Mlg==", "updater": "rhel-vex", "name": "CVE-2025-12781", "description": "A flaw was found in the base64 module in the Python standard library. The b64decode, standard_b64decode and urlsafe_b64decode functions will always accept the '+' and '/' characters even when an alternative base64 alphabet is specified via the altchars parameter that excludes them. This input validation bypass allows malformed or unexpected data to pass through decoding filters, potentially causing logical errors or data integrity issues in applications relying on strict character sets.", "issued": "2026-01-21T19:34:47Z", "links": "https://access.redhat.com/security/cve/CVE-2025-12781 https://bugzilla.redhat.com/show_bug.cgi?id=2431736 https://www.cve.org/CVERecord?id=CVE-2025-12781 https://nvd.nist.gov/vuln/detail/CVE-2025-12781 https://github.com/python/cpython/issues/125346 https://github.com/python/cpython/pull/141128 https://mail.python.org/archives/list/security-announce@python.org/thread/KRI7GC6S27YV5NJ4FPDALS2WI5ENAFJ6/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-12781.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python3", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "L7QbkTbsy8v3tMfOqNsVKQ==": { "id": "L7QbkTbsy8v3tMfOqNsVKQ==", "updater": "rhel-vex", "name": "CVE-2024-7531", "description": "The Mozilla Foundation Security Advisory describes this flaw as:\n\nCalling PK11_Encrypt() in NSS using CKM_CHACHA20 and the same buffer for input and output can result in plaintext on Intel Sandy Bridge and later processors. In Firefox this only affects the QUIC header protection feature when the connection is using the ChaCha20-Poly1305 cipher suite. The most likely outcome is connection failure, but if the connection persists despite the high packet loss it could be possible for a network observer to identify packets as coming from the same source despite a network path change.", "issued": "2024-08-06T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-7531 https://bugzilla.redhat.com/show_bug.cgi?id=2303148 https://www.cve.org/CVERecord?id=CVE-2024-7531 https://nvd.nist.gov/vuln/detail/CVE-2024-7531 https://www.mozilla.org/en-US/security/advisories/mfsa2024-34/#CVE-2024-7531 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7531.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "nss", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "LTmcTrhW8bJGvJXJVPjm/g==": { "id": "LTmcTrhW8bJGvJXJVPjm/g==", "updater": "rhel-vex", "name": "CVE-2026-24515", "description": "A null pointer dereference flaw has been discovered in libexpat. The function `XML_ExternalEntityParserCreate` failed to copy the encoding handler data passed to XML_SetUnknownEncodingHandler from the parent to the new subparser. This can cause a NULL dereference from external entities that declare use of an unknown encoding. The expected impact is denial of service. It takes use of both functions `XML_ExternalEntityParserCreate` and `XML_SetUnknownEncodingHandler` for an application to be vulnerable.", "issued": "2026-01-23T07:46:36Z", "links": "https://access.redhat.com/security/cve/CVE-2026-24515 https://bugzilla.redhat.com/show_bug.cgi?id=2432312 https://www.cve.org/CVERecord?id=CVE-2026-24515 https://nvd.nist.gov/vuln/detail/CVE-2026-24515 https://github.com/libexpat/libexpat/pull/1131 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-24515.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "expat", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "LWLSX4FCLbzYWK97i5Or+A==": { "id": "LWLSX4FCLbzYWK97i5Or+A==", "updater": "rhel-vex", "name": "CVE-2026-28389", "description": "A flaw was found in OpenSSL. A remote attacker could exploit this by sending a specially crafted Cryptographic Message Syntax (CMS) EnvelopedData message with KeyAgreeRecipientInfo. This vulnerability arises because the software attempts to process an optional field without verifying its existence, leading to a NULL pointer dereference. This can result in a Denial of Service (DoS) for applications that handle untrusted CMS data.", "issued": "2026-04-07T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-28389 https://bugzilla.redhat.com/show_bug.cgi?id=2451096 https://www.cve.org/CVERecord?id=CVE-2026-28389 https://nvd.nist.gov/vuln/detail/CVE-2026-28389 https://openssl-library.org/news/secadv/20260407.txt https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-28389.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "Lt2Hg7sVYgz0GD7ldFmjjA==": { "id": "Lt2Hg7sVYgz0GD7ldFmjjA==", "updater": "rhel-vex", "name": "CVE-2026-32777", "description": "A flaw was found in libexpat. A remote attacker could exploit this vulnerability by providing specially crafted Document Type Definition (DTD) content. This could lead to an infinite loop during parsing, resulting in a Denial of Service (DoS) for the application using libexpat.", "issued": "2026-03-16T06:58:06Z", "links": "https://access.redhat.com/security/cve/CVE-2026-32777 https://bugzilla.redhat.com/show_bug.cgi?id=2447890 https://www.cve.org/CVERecord?id=CVE-2026-32777 https://nvd.nist.gov/vuln/detail/CVE-2026-32777 https://github.com/libexpat/libexpat/issues/1161 https://github.com/libexpat/libexpat/pull/1159 https://github.com/libexpat/libexpat/pull/1162 https://issues.oss-fuzz.com/issues/486993411 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-32777.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "expat", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "MRnBR1NwPejsF0F/Po53Ew==": { "id": "MRnBR1NwPejsF0F/Po53Ew==", "updater": "rhel-vex", "name": "CVE-2019-8905", "description": "do_core_note in readelf.c in libmagic.a in file 5.35 has a stack-based buffer over-read, related to file_printable, a different vulnerability than CVE-2018-10360.", "issued": "2019-02-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2019-8905 https://bugzilla.redhat.com/show_bug.cgi?id=1679181 https://www.cve.org/CVERecord?id=CVE-2019-8905 https://nvd.nist.gov/vuln/detail/CVE-2019-8905 https://security.access.redhat.com/data/csaf/v2/vex/2019/cve-2019-8905.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "file", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "MW3KGjkk7BWuR5JCc6cywg==": { "id": "MW3KGjkk7BWuR5JCc6cywg==", "updater": "rhel-vex", "name": "CVE-2024-52616", "description": "A flaw was found in the Avahi-daemon, where it initializes DNS transaction IDs randomly only once at startup, incrementing them sequentially after that. This predictable behavior facilitates DNS spoofing attacks, allowing attackers to guess transaction IDs.", "issued": "2024-11-15T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-52616 https://bugzilla.redhat.com/show_bug.cgi?id=2326429 https://www.cve.org/CVERecord?id=CVE-2024-52616 https://nvd.nist.gov/vuln/detail/CVE-2024-52616 https://github.com/avahi/avahi/pull/577 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-52616.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "avahi", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "O6eQrDqYe8zCvECWFMIzFQ==": { "id": "O6eQrDqYe8zCvECWFMIzFQ==", "updater": "rhel-vex", "name": "CVE-2019-8906", "description": "do_core_note in readelf.c in libmagic.a in file 5.35 has an out-of-bounds read because memcpy is misused.", "issued": "2019-01-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2019-8906 https://bugzilla.redhat.com/show_bug.cgi?id=1679175 https://www.cve.org/CVERecord?id=CVE-2019-8906 https://nvd.nist.gov/vuln/detail/CVE-2019-8906 https://security.access.redhat.com/data/csaf/v2/vex/2019/cve-2019-8906.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "file", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "O8fIVXqcGshIonMWsEH9gA==": { "id": "O8fIVXqcGshIonMWsEH9gA==", "updater": "rhel-vex", "name": "CVE-2025-5916", "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", "issued": "2025-05-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-5916 https://bugzilla.redhat.com/show_bug.cgi?id=2370872 https://www.cve.org/CVERecord?id=CVE-2025-5916 https://nvd.nist.gov/vuln/detail/CVE-2025-5916 https://github.com/libarchive/libarchive/pull/2568 https://github.com/libarchive/libarchive/releases/tag/v3.8.0 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-5916.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libarchive", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "OFdQC3/0S5rItoyqpACTFw==": { "id": "OFdQC3/0S5rItoyqpACTFw==", "updater": "rhel-vex", "name": "CVE-2026-4224", "description": "A stack overflow flaw has been discovered in the python pyexpat module. When an Expat parser with a registered ElementDeclHandler parses an inline document type definition containing a deeply nested content model a C stack overflow occurs. This will result in a program crash.", "issued": "2026-03-16T17:52:26Z", "links": "https://access.redhat.com/security/cve/CVE-2026-4224 https://bugzilla.redhat.com/show_bug.cgi?id=2448181 https://www.cve.org/CVERecord?id=CVE-2026-4224 https://nvd.nist.gov/vuln/detail/CVE-2026-4224 https://github.com/python/cpython/commit/196edfb06a7458377d4d0f4b3cd41724c1f3bd4a https://github.com/python/cpython/commit/e0a8a6da90597a924b300debe045cdb4628ee1f3 https://github.com/python/cpython/commit/eb0e8be3a7e11b87d198a2c3af1ed0eccf532768 https://github.com/python/cpython/issues/145986 https://github.com/python/cpython/pull/145987 https://mail.python.org/archives/list/security-announce@python.org/thread/5M7CGUW3XBRY7II4DK43KF7NQQ3TPZ6R/ https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-4224.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "python3", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "OGfYu06hscS+jx5HR8e1UQ==": { "id": "OGfYu06hscS+jx5HR8e1UQ==", "updater": "rhel-vex", "name": "CVE-2026-33845", "description": "A flaw in GnuTLS DTLS handshake parsing allows malformed fragments with zero length and non-zero offset, leading to an integer underflow during reassembly and resulting in an out-of-bounds read. This issue is remotely exploitable and may cause information disclosure or denial of service.", "issued": "2026-04-30T17:28:41Z", "links": "https://access.redhat.com/security/cve/CVE-2026-33845 https://bugzilla.redhat.com/show_bug.cgi?id=2450624 https://www.cve.org/CVERecord?id=CVE-2026-33845 https://nvd.nist.gov/vuln/detail/CVE-2026-33845 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-33845.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "gnutls", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "OLKvdPVgT9/lPcflJTxE3Q==": { "id": "OLKvdPVgT9/lPcflJTxE3Q==", "updater": "rhel-vex", "name": "CVE-2025-68160", "description": "A flaw was found in OpenSSL. This vulnerability involves an out-of-bounds write in the line-buffering BIO filter, which can lead to memory corruption. While exploitation is unlikely to be under direct attacker control, a successful attack could cause an application to crash, resulting in a Denial of Service (DoS).", "issued": "2026-01-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-68160 https://bugzilla.redhat.com/show_bug.cgi?id=2430380 https://www.cve.org/CVERecord?id=CVE-2025-68160 https://nvd.nist.gov/vuln/detail/CVE-2025-68160 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-68160.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "OPNDKUsVLJt2v1gO1zvkBA==": { "id": "OPNDKUsVLJt2v1gO1zvkBA==", "updater": "rhel-vex", "name": "CVE-2025-1632", "description": "A flaw was found in the bsdunzip utility of libarchive. In affected versions, a specially crafted file may trigger a null pointer dereference. This issue can lead to an application crash or other unexpected behavior. This bug does not compromise the integrity or availability of the base system.", "issued": "2025-02-24T13:31:08Z", "links": "https://access.redhat.com/security/cve/CVE-2025-1632 https://bugzilla.redhat.com/show_bug.cgi?id=2347309 https://www.cve.org/CVERecord?id=CVE-2025-1632 https://nvd.nist.gov/vuln/detail/CVE-2025-1632 https://github.com/Ekkosun/pocs/blob/main/bsdunzip-poc https://vuldb.com/?ctiid.296619 https://vuldb.com/?id.296619 https://vuldb.com/?submit.496460 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-1632.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libarchive", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "OTZM0RD60ajdSeEqWGkkTw==": { "id": "OTZM0RD60ajdSeEqWGkkTw==", "updater": "rhel-vex", "name": "CVE-2026-26740", "description": "A flaw was found in giflib. A remote attacker can exploit a buffer overflow vulnerability in the EGifGCBToExtension function by providing a specially crafted Graphics Control Extension (GCE) block. This allows overwriting an existing GCE block without proper size validation, leading to a denial of service (DoS) on the system.", "issued": "2026-03-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-26740 https://bugzilla.redhat.com/show_bug.cgi?id=2448747 https://www.cve.org/CVERecord?id=CVE-2026-26740 https://nvd.nist.gov/vuln/detail/CVE-2026-26740 https://github.com/zakkanijia/POC/blob/main/giflib/giftool/giflib_giftool_gce_len_heap_oobwrite_disclosure.md https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-26740.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "java-17-openjdk", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "OgFGrvrnAoXXvapnatTrxQ==": { "id": "OgFGrvrnAoXXvapnatTrxQ==", "updater": "rhel-vex", "name": "CVE-2026-0965", "description": "A flaw was found in libssh where it can attempt to open arbitrary files during configuration parsing. A local attacker can exploit this by providing a malicious configuration file or when the system is misconfigured. This vulnerability could lead to a Denial of Service (DoS) by causing the system to try and access dangerous files, such as block devices or large system files, which can disrupt normal operations.", "issued": "2026-02-10T18:47:22Z", "links": "https://access.redhat.com/security/cve/CVE-2026-0965 https://bugzilla.redhat.com/show_bug.cgi?id=2436980 https://www.cve.org/CVERecord?id=CVE-2026-0965 https://nvd.nist.gov/vuln/detail/CVE-2026-0965 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-0965.json", "severity": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libssh", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "Oi3Y6I7JDcoQrQyH+jMXWw==": { "id": "Oi3Y6I7JDcoQrQyH+jMXWw==", "updater": "rhel-vex", "name": "CVE-2025-14087", "description": "A flaw was found in GLib (Gnome Lib). This vulnerability allows a remote attacker to cause heap corruption, leading to a denial of service or potential code execution via a buffer-underflow in the GVariant parser when processing maliciously crafted input strings.", "issued": "2025-12-05T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-14087 https://bugzilla.redhat.com/show_bug.cgi?id=2419093 https://www.cve.org/CVERecord?id=CVE-2025-14087 https://nvd.nist.gov/vuln/detail/CVE-2025-14087 https://gitlab.gnome.org/GNOME/glib/-/issues/3834 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-14087.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "glib2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "OpUahpCA4oBceG962KxTMA==": { "id": "OpUahpCA4oBceG962KxTMA==", "updater": "rhel-vex", "name": "CVE-2026-22796", "description": "A flaw was found in OpenSSL. This type confusion vulnerability allows a remote attacker to cause a denial of service (DoS) by providing specially crafted PKCS#7 data to an application that performs signature verification. The vulnerability occurs because the application accesses an ASN1_TYPE union member without proper type validation, leading to an invalid or NULL pointer dereference and a crash.", "issued": "2026-01-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-22796 https://bugzilla.redhat.com/show_bug.cgi?id=2430390 https://www.cve.org/CVERecord?id=CVE-2026-22796 https://nvd.nist.gov/vuln/detail/CVE-2026-22796 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-22796.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "PcNbuWOo0ahqjfbOQhXvvQ==": { "id": "PcNbuWOo0ahqjfbOQhXvvQ==", "updater": "rhel-vex", "name": "CVE-2024-41996", "description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", "issued": "2024-08-26T06:15:04Z", "links": "https://access.redhat.com/security/cve/CVE-2024-41996 https://bugzilla.redhat.com/show_bug.cgi?id=2307826 https://www.cve.org/CVERecord?id=CVE-2024-41996 https://nvd.nist.gov/vuln/detail/CVE-2024-41996 https://dheatattack.gitlab.io/details/ https://dheatattack.gitlab.io/faq/ https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1 https://github.com/openssl/openssl/issues/17374 https://openssl-library.org/post/2022-10-21-tls-groups-configuration/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-41996.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "Pe4IHqZpuBtuSkrgd2HMEg==": { "id": "Pe4IHqZpuBtuSkrgd2HMEg==", "updater": "rhel-vex", "name": "CVE-2025-13034", "description": "A flaw was found in curl. When configured to use public key pinning with QUIC connections and GnuTLS, and with standard certificate verification explicitly disabled, curl could bypass the intended public key check. This oversight allows a malicious server to impersonate a legitimate one, potentially leading to unauthorized access or information disclosure due to a failure in verifying the server's identity.", "issued": "2026-01-07T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-13034 https://bugzilla.redhat.com/show_bug.cgi?id=2426406 https://www.cve.org/CVERecord?id=CVE-2025-13034 https://nvd.nist.gov/vuln/detail/CVE-2025-13034 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-13034.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "curl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "Q5xJp4zJ1MCYcYbDi9qrdQ==": { "id": "Q5xJp4zJ1MCYcYbDi9qrdQ==", "updater": "rhel-vex", "name": "CVE-2026-25068", "description": "alsa-lib versions 1.2.2 up to and including 1.2.15.2, prior to commit 5f7fe33, contain a heap-based buffer overflow in the topology mixer control decoder. The tplg_decode_control_mixer1() function reads the num_channels field from untrusted .tplg data and uses it as a loop bound without validating it against the fixed-size channel array (SND_TPLG_MAX_CHAN). A crafted topology file with an excessive num_channels value can cause out-of-bounds heap writes, leading to a crash.", "issued": "2026-01-29T19:08:03Z", "links": "https://access.redhat.com/security/cve/CVE-2026-25068 https://bugzilla.redhat.com/show_bug.cgi?id=2435372 https://www.cve.org/CVERecord?id=CVE-2026-25068 https://nvd.nist.gov/vuln/detail/CVE-2026-25068 https://github.com/alsa-project/alsa-lib/commit/5f7fe33002d2d98d84f72e381ec2cccc0d5d3d40 https://www.vulncheck.com/advisories/alsa-lib-topology-decoder-heap-based-buffer-overflow https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-25068.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "alsa-lib", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "QSNBg/XspHcBwSxBTMU4rg==": { "id": "QSNBg/XspHcBwSxBTMU4rg==", "updater": "rhel-vex", "name": "CVE-2025-50181", "description": "A flaw was found in urllib3. The `PoolManager` class allows redirects to be disabled by configuring retries in a specific manner, effectively bypassing intended HTTP redirection behavior. A network attacker can leverage this configuration to manipulate request flows and disrupt service. This bypass occurs through improper handling of retry parameters during PoolManager instantiation. This issue can reult in a denial of service or unintended data exposure due to altered request destinations.", "issued": "2025-06-19T01:08:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-50181 https://bugzilla.redhat.com/show_bug.cgi?id=2373799 https://www.cve.org/CVERecord?id=CVE-2025-50181 https://nvd.nist.gov/vuln/detail/CVE-2025-50181 https://github.com/urllib3/urllib3/commit/f05b1329126d5be6de501f9d1e3e36738bc08857 https://github.com/urllib3/urllib3/security/advisories/GHSA-pq67-6m6q-mj2v https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-50181.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python-pip", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "QUtTYJuHdkAOgtveagWUfA==": { "id": "QUtTYJuHdkAOgtveagWUfA==", "updater": "rhel-vex", "name": "CVE-2023-0466", "description": "A flaw was found in OpenSSL. The X509_VERIFY_PARAM_add0_policy() function is documented to enable the certificate policy check when doing certificate verification implicitly. However, implementing the function does not enable the check, allowing certificates with invalid or incorrect policies to pass the certificate verification. Suddenly enabling the policy check could break existing deployments, so it was decided to keep the existing behavior of the X509_VERIFY_PARAM_add0_policy() function. The applications that require OpenSSL to perform certificate policy check need to use X509_VERIFY_PARAM_set1_policies() or explicitly enable the policy check by calling X509_VERIFY_PARAM_set_flags() with the X509_V_FLAG_POLICY_CHECK flag argument. Certificate policy checks are disabled by default in OpenSSL and are not commonly used by applications.", "issued": "2023-03-28T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-0466 https://bugzilla.redhat.com/show_bug.cgi?id=2182565 https://www.cve.org/CVERecord?id=CVE-2023-0466 https://nvd.nist.gov/vuln/detail/CVE-2023-0466 https://www.openssl.org/news/secadv/20230328.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0466.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "QcOTYeOedG0AUhPSakMpIA==": { "id": "QcOTYeOedG0AUhPSakMpIA==", "updater": "rhel-vex", "name": "CVE-2024-4741", "description": "A use-after-free vulnerability was found in OpenSSL. Calling the OpenSSL API SSL_free_buffers function may cause memory to be accessed that was previously freed in some situations.", "issued": "2024-05-28T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-4741 https://bugzilla.redhat.com/show_bug.cgi?id=2283757 https://www.cve.org/CVERecord?id=CVE-2024-4741 https://nvd.nist.gov/vuln/detail/CVE-2024-4741 https://www.openssl.org/news/secadv/20240528.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4741.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "QwBnC+2unbl7BaURui6Tng==": { "id": "QwBnC+2unbl7BaURui6Tng==", "updater": "rhel-vex", "name": "CVE-2026-3832", "description": "A flaw was found in gnutls. A remote attacker could exploit this vulnerability by presenting a specially crafted Online Certificate Status Protocol (OCSP) response during a TLS handshake. Due to a logic error in how gnutls processes multi-record OCSP responses, a client with OCSP verification enabled may incorrectly accept a revoked server certificate, potentially leading to a compromise of trust.", "issued": "2026-04-30T17:29:25Z", "links": "https://access.redhat.com/security/cve/CVE-2026-3832 https://bugzilla.redhat.com/show_bug.cgi?id=2445762 https://www.cve.org/CVERecord?id=CVE-2026-3832 https://nvd.nist.gov/vuln/detail/CVE-2026-3832 https://gitlab.com/gnutls/gnutls/-/issues/1801 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-3832.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "gnutls", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "RVCidRUm4D1IKoPhoUi2AA==": { "id": "RVCidRUm4D1IKoPhoUi2AA==", "updater": "rhel-vex", "name": "CVE-2019-9674", "description": "A ZIP bomb attack was found in the Python zipfile module. A remote attacker could abuse this flaw by providing a specially crafted ZIP file that, when decompressed by zipfile, would exhaust system resources resulting in a denial of service.", "issued": "2019-03-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2019-9674 https://bugzilla.redhat.com/show_bug.cgi?id=1800749 https://www.cve.org/CVERecord?id=CVE-2019-9674 https://nvd.nist.gov/vuln/detail/CVE-2019-9674 https://security.access.redhat.com/data/csaf/v2/vex/2019/cve-2019-9674.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "python3", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "RXjd5U95osIGXnqCa34Jkg==": { "id": "RXjd5U95osIGXnqCa34Jkg==", "updater": "rhel-vex", "name": "CVE-2026-0989", "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested \u003cinclude\u003e directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", "issued": "2026-01-15T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-0989 https://bugzilla.redhat.com/show_bug.cgi?id=2429933 https://www.cve.org/CVERecord?id=CVE-2026-0989 https://nvd.nist.gov/vuln/detail/CVE-2026-0989 https://gitlab.gnome.org/GNOME/libxml2/-/issues/998 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-0989.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libxml2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "RYqFgDYIttLgJc8B82sK/w==": { "id": "RYqFgDYIttLgJc8B82sK/w==", "updater": "rhel-vex", "name": "CVE-2025-66382", "description": "A flaw was found in libexpat. This vulnerability allows a denial of service (DoS) by processing a crafted file with an approximate size of 2 MiB, leading to dozens of seconds of processing time.", "issued": "2025-11-28T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-66382 https://bugzilla.redhat.com/show_bug.cgi?id=2417661 https://www.cve.org/CVERecord?id=CVE-2025-66382 https://nvd.nist.gov/vuln/detail/CVE-2025-66382 https://github.com/libexpat/libexpat/issues/1076 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-66382.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "expat", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "RdjNn4dAdZKcn6VS95a/SQ==": { "id": "RdjNn4dAdZKcn6VS95a/SQ==", "updater": "rhel-vex", "name": "CVE-2026-39314", "description": "A flaw was found in CUPS, an open-source printing system. An unprivileged local user can exploit an integer underflow vulnerability by providing a negative job-password-supported Internet Printing Protocol (IPP) attribute. This manipulation causes the cupsd root process to crash, which can be repeatedly triggered to achieve a sustained Denial of Service (DoS) on the system.", "issued": "2026-04-07T16:59:23Z", "links": "https://access.redhat.com/security/cve/CVE-2026-39314 https://bugzilla.redhat.com/show_bug.cgi?id=2456107 https://www.cve.org/CVERecord?id=CVE-2026-39314 https://nvd.nist.gov/vuln/detail/CVE-2026-39314 https://github.com/OpenPrinting/cups/security/advisories/GHSA-pp8w-2g52-7vj7 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-39314.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "cups", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "Rfm1tD+QxSP/TVjKFDNabg==": { "id": "Rfm1tD+QxSP/TVjKFDNabg==", "updater": "rhel-vex", "name": "CVE-2026-0967", "description": "A flaw was found in libssh. A remote attacker, by controlling client configuration files or known_hosts files, could craft specific hostnames that when processed by the `match_pattern()` function can lead to inefficient regular expression backtracking. This can cause timeouts and resource exhaustion, resulting in a Denial of Service (DoS) for the client.", "issued": "2026-02-10T18:47:09Z", "links": "https://access.redhat.com/security/cve/CVE-2026-0967 https://bugzilla.redhat.com/show_bug.cgi?id=2436981 https://www.cve.org/CVERecord?id=CVE-2026-0967 https://nvd.nist.gov/vuln/detail/CVE-2026-0967 https://www.libssh.org/2026/02/10/libssh-0-12-0-and-0-11-4-security-releases/ https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-0967.json", "severity": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libssh", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "Rw8DyDlyRHRJOeZaAbGMRA==": { "id": "Rw8DyDlyRHRJOeZaAbGMRA==", "updater": "rhel-vex", "name": "CVE-2025-59529", "description": "A flaw was found in avahi. The simple protocol server ignores the documented client limit and accepts unlimited connections, allowing for easy local Denial of Service.", "issued": "2025-12-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-59529 https://bugzilla.redhat.com/show_bug.cgi?id=2405338 https://www.cve.org/CVERecord?id=CVE-2025-59529 https://nvd.nist.gov/vuln/detail/CVE-2025-59529 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-59529.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "avahi", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "S7qx7a03HASsJhyQafvXjg==": { "id": "S7qx7a03HASsJhyQafvXjg==", "updater": "rhel-vex", "name": "CVE-2018-19211", "description": "In ncurses 6.1, there is a NULL pointer dereference at function _nc_parse_entry in parse_entry.c that will lead to a denial of service attack. The product proceeds to the dereference code path even after a \"dubious character `*' in name or alias field\" detection.", "issued": "2018-10-28T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2018-19211 https://bugzilla.redhat.com/show_bug.cgi?id=1652600 https://www.cve.org/CVERecord?id=CVE-2018-19211 https://nvd.nist.gov/vuln/detail/CVE-2018-19211 https://security.access.redhat.com/data/csaf/v2/vex/2018/cve-2018-19211.json", "severity": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "ncurses", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "SHxE0qXbBmDEp/LL1ieJeA==": { "id": "SHxE0qXbBmDEp/LL1ieJeA==", "updater": "rhel-vex", "name": "CVE-2020-19189", "description": "A flaw has been identified in the ncurses library. This issue occurs when processing a crafted terminfo database, causing a heap-based buffer overflow, resulting in an application crash.", "issued": "2019-05-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2020-19189 https://bugzilla.redhat.com/show_bug.cgi?id=2234926 https://www.cve.org/CVERecord?id=CVE-2020-19189 https://nvd.nist.gov/vuln/detail/CVE-2020-19189 https://security.access.redhat.com/data/csaf/v2/vex/2020/cve-2020-19189.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "ncurses", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "TLOrmSYL76Du+GI4WD9gMQ==": { "id": "TLOrmSYL76Du+GI4WD9gMQ==", "updater": "rhel-vex", "name": "CVE-2024-34459", "description": "A flaw was found in the xmllint program distributed by the libxml2 package. A buffer over-read in the xmlHTMLPrintFileContext function in the xmllint.c file may be triggered when a crafted file is processed with the xmllint program using the `--htmlout` command line option, causing an application crash and resulting in a denial of service.", "issued": "2024-05-08T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-34459 https://bugzilla.redhat.com/show_bug.cgi?id=2280532 https://www.cve.org/CVERecord?id=CVE-2024-34459 https://nvd.nist.gov/vuln/detail/CVE-2024-34459 https://gitlab.gnome.org/GNOME/libxml2/-/issues/720 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-34459.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "libxml2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "Te9j1HGn7feNCE/Fduu0+A==": { "id": "Te9j1HGn7feNCE/Fduu0+A==", "updater": "rhel-vex", "name": "CVE-2025-64505", "description": "A heap buffer over-read vulnerability exists in libpng's png_do_quantize function when processing PNG files with malformed palette indices. The vulnerability occurs when palette_lookup array bounds are not validated against externally-supplied image data, allowing an attacker to craft a PNG file with out-of-range palette indices that trigger out-of-bounds memory access.", "issued": "2025-11-24T23:38:40Z", "links": "https://access.redhat.com/security/cve/CVE-2025-64505 https://bugzilla.redhat.com/show_bug.cgi?id=2416905 https://www.cve.org/CVERecord?id=CVE-2025-64505 https://nvd.nist.gov/vuln/detail/CVE-2025-64505 https://github.com/pnggroup/libpng/commit/6a528eb5fd0dd7f6de1c39d30de0e41473431c37 https://github.com/pnggroup/libpng/pull/748 https://github.com/pnggroup/libpng/security/advisories/GHSA-4952-h5wq-4m42 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-64505.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "java-17-openjdk", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "TuBnhFrkwMqIcYtYYgNGNQ==": { "id": "TuBnhFrkwMqIcYtYYgNGNQ==", "updater": "rhel-vex", "name": "CVE-2026-3784", "description": "A flaw was found in curl. This vulnerability allows curl to wrongly reuse an existing HTTP proxy connection when performing a CONNECT request to a server, even if the new request uses different authentication credentials for the HTTP proxy. This improper connection reuse could lead to an attacker gaining unauthorized access to resources or information intended for a different user.", "issued": "2026-03-11T10:09:21Z", "links": "https://access.redhat.com/security/cve/CVE-2026-3784 https://bugzilla.redhat.com/show_bug.cgi?id=2446449 https://www.cve.org/CVERecord?id=CVE-2026-3784 https://nvd.nist.gov/vuln/detail/CVE-2026-3784 http://www.openwall.com/lists/oss-security/2026/03/11/3 https://curl.se/docs/CVE-2026-3784.html https://curl.se/docs/CVE-2026-3784.json https://hackerone.com/reports/3584903 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-3784.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "curl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "UMD4nV1Ky5C5eKUMgtnKzw==": { "id": "UMD4nV1Ky5C5eKUMgtnKzw==", "updater": "rhel-vex", "name": "CVE-2021-20193", "description": "A flaw was found in the src/list.c of tar. This flaw allows an attacker who can submit a crafted input file to tar to cause uncontrolled consumption of memory. The highest threat from this vulnerability is to system availability.", "issued": "2021-01-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-20193 https://bugzilla.redhat.com/show_bug.cgi?id=1917565 https://www.cve.org/CVERecord?id=CVE-2021-20193 https://nvd.nist.gov/vuln/detail/CVE-2021-20193 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-20193.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "tar", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "UPzTyNn8ZLXlb+bwRFPPTA==": { "id": "UPzTyNn8ZLXlb+bwRFPPTA==", "updater": "rhel-vex", "name": "CVE-2023-2650", "description": "A flaw was found in OpenSSL resulting in a possible denial of service while translating ASN.1 object identifiers. Applications that use OBJ_obj2txt() directly, or use any of the OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with no message size limit may experience long delays when processing messages, which may lead to a denial of service.", "issued": "2023-05-30T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-2650 https://bugzilla.redhat.com/show_bug.cgi?id=2207947 https://www.cve.org/CVERecord?id=CVE-2023-2650 https://nvd.nist.gov/vuln/detail/CVE-2023-2650 https://www.openssl.org/news/secadv/20230530.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-2650.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "UUIKm7f4jyfDWGKvptUQ8Q==": { "id": "UUIKm7f4jyfDWGKvptUQ8Q==", "updater": "rhel-vex", "name": "CVE-2025-8277", "description": "A flaw was found in libssh's handling of key exchange (KEX) processes when a client repeatedly sends incorrect KEX guesses. The library fails to free memory during these rekey operations, which can gradually exhaust system memory. This issue can lead to crashes on the client side, particularly when using libgcrypt, which impacts application stability and availability.", "issued": "2025-09-09T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-8277 https://bugzilla.redhat.com/show_bug.cgi?id=2383888 https://www.cve.org/CVERecord?id=CVE-2025-8277 https://nvd.nist.gov/vuln/detail/CVE-2025-8277 https://www.libssh.org/security/advisories/CVE-2025-8277.txt https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-8277.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libssh", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "UbmdE2pHXRFccv8l1e02Jw==": { "id": "UbmdE2pHXRFccv8l1e02Jw==", "updater": "rhel-vex", "name": "CVE-2023-4156", "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", "issued": "2023-06-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4156 https://bugzilla.redhat.com/show_bug.cgi?id=2215930 https://www.cve.org/CVERecord?id=CVE-2023-4156 https://nvd.nist.gov/vuln/detail/CVE-2023-4156 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4156.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "gawk", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "UoEFDYM+Gqf2mdRJh5HUFw==": { "id": "UoEFDYM+Gqf2mdRJh5HUFw==", "updater": "rhel-vex", "name": "CVE-2025-45582", "description": "A relative path traversal flaw was found in the gnu tar utility. When archives with relative paths are extracted without the ‘--keep-old-files’ (‘-k’), the extraction process may overwrite existing files that the current user has access to. The server may be impacted if these files are critical to the operation of some service.", "issued": "2025-07-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-45582 https://bugzilla.redhat.com/show_bug.cgi?id=2379592 https://www.cve.org/CVERecord?id=CVE-2025-45582 https://nvd.nist.gov/vuln/detail/CVE-2025-45582 https://github.com/i900008/vulndb/blob/main/Gnu_tar_vuln.md https://www.gnu.org/software/tar/ https://www.gnu.org/software/tar/manual/html_node/Integrity.html#Integrity https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-45582.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "tar", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "UyCjBcpeB0nhkRTVhUcAJQ==": { "id": "UyCjBcpeB0nhkRTVhUcAJQ==", "updater": "rhel-vex", "name": "CVE-2026-39316", "description": "A flaw was found in CUPS, an open-source printing system. This vulnerability, known as a use-after-free, occurs in the CUPS scheduler when temporary printers are automatically removed. The system fails to properly manage memory, leaving a pointer to a freed memory location. An attacker could exploit this to cause the CUPS daemon to crash, leading to a denial of service. In more severe scenarios, this could potentially allow an attacker to execute arbitrary code.", "issued": "2026-04-07T17:00:26Z", "links": "https://access.redhat.com/security/cve/CVE-2026-39316 https://bugzilla.redhat.com/show_bug.cgi?id=2456120 https://www.cve.org/CVERecord?id=CVE-2026-39316 https://nvd.nist.gov/vuln/detail/CVE-2026-39316 https://github.com/OpenPrinting/cups/security/advisories/GHSA-pjv5-prqp-46rg https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-39316.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "cups", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "VLzwKVDYC7fQrtcpCzjXjA==": { "id": "VLzwKVDYC7fQrtcpCzjXjA==", "updater": "rhel-vex", "name": "CVE-2025-69418", "description": "A flaw was found in OpenSSL. When applications directly call the low-level CRYPTO_ocb128_encrypt() or CRYPTO_ocb128_decrypt() functions with non-block-aligned lengths in a single call on hardware-accelerated builds, the trailing 1-15 bytes of a message may be exposed in cleartext. These exposed bytes are not covered by the authentication tag, allowing an attacker to read or tamper with them without detection.", "issued": "2026-01-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-69418 https://bugzilla.redhat.com/show_bug.cgi?id=2430381 https://www.cve.org/CVERecord?id=CVE-2025-69418 https://nvd.nist.gov/vuln/detail/CVE-2025-69418 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-69418.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "VP8+3bQwNwMNm6AhYTNJBQ==": { "id": "VP8+3bQwNwMNm6AhYTNJBQ==", "updater": "rhel-vex", "name": "CVE-2026-22020", "description": "No description is available for this CVE.", "issued": "2026-04-21T20:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-22020 https://bugzilla.redhat.com/show_bug.cgi?id=2460045 https://www.cve.org/CVERecord?id=CVE-2026-22020 https://nvd.nist.gov/vuln/detail/CVE-2026-22020 https://www.oracle.com/security-alerts/cpuapr2026.html#AppendixJAVA https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-22020.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "java-17-openjdk", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "VPoF+qCqaQ4y2sVl2255/g==": { "id": "VPoF+qCqaQ4y2sVl2255/g==", "updater": "rhel-vex", "name": "CVE-2026-33416", "description": "A flaw was found in libpng, a library used for processing PNG (Portable Network Graphics) image files. This vulnerability arises from improper memory management where a heap-allocated buffer is aliased between internal data structures. When specific functions are called, a freed memory region can still be referenced, leading to a use-after-free condition. An attacker could potentially exploit this to achieve arbitrary code execution or cause a denial of service.", "issued": "2026-03-26T16:48:54Z", "links": "https://access.redhat.com/security/cve/CVE-2026-33416 https://bugzilla.redhat.com/show_bug.cgi?id=2451805 https://www.cve.org/CVERecord?id=CVE-2026-33416 https://nvd.nist.gov/vuln/detail/CVE-2026-33416 https://github.com/pnggroup/libpng/commit/23019269764e35ed8458e517f1897bd3c54820eb https://github.com/pnggroup/libpng/commit/7ea9eea884a2328cc7fdcb3c0c00246a50d90667 https://github.com/pnggroup/libpng/commit/a3a21443ed12bfa1ef46fa0d4fb2b74a0fa34a25 https://github.com/pnggroup/libpng/commit/c1b0318b393c90679e6fa5bc1d329fd5d5012ec1 https://github.com/pnggroup/libpng/pull/824 https://github.com/pnggroup/libpng/security/advisories/GHSA-m4pc-p4q3-4c7j https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-33416.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "java-17-openjdk", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "VsocCwaFpF6PzdX5PxR+sQ==": { "id": "VsocCwaFpF6PzdX5PxR+sQ==", "updater": "rhel-vex", "name": "CVE-2020-19185", "description": "A flaw has been identified in the ncurses library. This issue occurs when processing a crafted terminfo database, causing a heap-based buffer overflow, resulting in an application crash, causing denial of service.", "issued": "2019-05-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2020-19185 https://bugzilla.redhat.com/show_bug.cgi?id=2234924 https://www.cve.org/CVERecord?id=CVE-2020-19185 https://nvd.nist.gov/vuln/detail/CVE-2020-19185 https://security.access.redhat.com/data/csaf/v2/vex/2020/cve-2020-19185.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "ncurses", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "W/DMqBRMDYVkVH3D67luGg==": { "id": "W/DMqBRMDYVkVH3D67luGg==", "updater": "rhel-vex", "name": "CVE-2025-64118", "description": "A flaw was found in node-tar, a Tar utility for Node.js. This vulnerability allows a local attacker to potentially disclose sensitive information. When the .t (or .list) function is used with { sync: true } to read tar entry contents, and the tar file is concurrently modified on disk to a smaller size, the function may return uninitialized memory contents. This could lead to the exposure of arbitrary data.", "issued": "2025-10-30T17:50:20Z", "links": "https://access.redhat.com/security/cve/CVE-2025-64118 https://bugzilla.redhat.com/show_bug.cgi?id=2407440 https://www.cve.org/CVERecord?id=CVE-2025-64118 https://nvd.nist.gov/vuln/detail/CVE-2025-64118 https://github.com/isaacs/node-tar/commit/5330eb04bc43014f216e5c271b40d5c00d45224d https://github.com/isaacs/node-tar/issues/445 https://github.com/isaacs/node-tar/pull/446 https://github.com/isaacs/node-tar/security/advisories/GHSA-29xp-372q-xqph https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-64118.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "tar", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "W/d4trZ7jb2yxjrq4cNOWA==": { "id": "W/d4trZ7jb2yxjrq4cNOWA==", "updater": "rhel-vex", "name": "CVE-2022-3219", "description": "A vulnerability was found in GnuPG. GnuPG can spin on a relatively small input by crafting a public key with thousands of signatures attached and compressed down to a few kilobytes. This issue can potentially cause a denial of service.", "issued": "2022-09-15T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-3219 https://bugzilla.redhat.com/show_bug.cgi?id=2127010 https://www.cve.org/CVERecord?id=CVE-2022-3219 https://nvd.nist.gov/vuln/detail/CVE-2022-3219 https://dev.gnupg.org/D556 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-3219.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "gnupg2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "WGvgNwrW2u5APZcidQ6v1Q==": { "id": "WGvgNwrW2u5APZcidQ6v1Q==", "updater": "rhel-vex", "name": "CVE-2026-27456", "description": "A flaw was found in util-linux. When an /etc/fstab entry is configured with the user,loop options, the `mount` program checks the file path with user permissions but later opens it with root privileges. This creates a brief Time-of-Check-Time-of-Use (TOCTOU) window where an attacker can substitute the intended file with a malicious symbolic link. This allows a local unprivileged user to mount any root-owned file or block device that contains a valid filesystem, gaining full read access to its contents.", "issued": "2026-04-03T21:23:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-27456 https://bugzilla.redhat.com/show_bug.cgi?id=2454956 https://www.cve.org/CVERecord?id=CVE-2026-27456 https://nvd.nist.gov/vuln/detail/CVE-2026-27456 https://github.com/util-linux/util-linux/commit/5e390467b26a3cf3fecc04e1a0d482dff3162fc4 https://github.com/util-linux/util-linux/releases/tag/v2.41.4 https://github.com/util-linux/util-linux/security/advisories/GHSA-qq4x-vfq4-9h9g https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-27456.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "util-linux", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "WcChSpNAL6V9Xfxc9AqW7g==": { "id": "WcChSpNAL6V9Xfxc9AqW7g==", "updater": "rhel-vex", "name": "CVE-2025-15469", "description": "A flaw was found in openssl. When a user signs or verifies files larger than 16MB using the `openssl dgst` command with one-shot algorithms, the tool silently truncates the input to 16MB. This creates an integrity gap, allowing trailing data beyond the initial 16MB to be modified without detection because it remains unauthenticated. This vulnerability primarily impacts workflows that both sign and verify files using the affected `openssl dgst` command.", "issued": "2026-01-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-15469 https://bugzilla.redhat.com/show_bug.cgi?id=2430378 https://www.cve.org/CVERecord?id=CVE-2025-15469 https://nvd.nist.gov/vuln/detail/CVE-2025-15469 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-15469.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "Wp4+QBQm4nhI8rQxVklEXw==": { "id": "Wp4+QBQm4nhI8rQxVklEXw==", "updater": "rhel-vex", "name": "CVE-2025-4878", "description": "A vulnerability was found in libssh, where an uninitialized variable exists under certain conditions in the privatekey_from_file() function. This flaw can be triggered if the file specified by the filename doesn't exist and may lead to possible signing failures or heap corruption.", "issued": "2025-06-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-4878 https://bugzilla.redhat.com/show_bug.cgi?id=2376184 https://www.cve.org/CVERecord?id=CVE-2025-4878 https://nvd.nist.gov/vuln/detail/CVE-2025-4878 https://git.libssh.org/projects/libssh.git/commit/?id=697650caa97eaf7623924c75f9fcfec6dd423cd1 https://git.libssh.org/projects/libssh.git/commit/?id=b35ee876adc92a208d47194772e99f9c71e0bedb https://www.libssh.org/security/advisories/CVE-2025-4878.txt https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-4878.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "libssh", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "XBiy/XVR6SoThCkYUmkD1g==": { "id": "XBiy/XVR6SoThCkYUmkD1g==", "updater": "rhel-vex", "name": "CVE-2026-33056", "description": "A flaw was found in tar-rs, a Rust library for reading and writing tar archives. When unpacking a crafted tar archive, an attacker can exploit a symbolic link vulnerability. By including a symlink followed by a directory with the same name, the library incorrectly applies file permissions to the symlink's target. This allows an attacker to modify the permissions of arbitrary directories outside the intended extraction location.", "issued": "2026-03-20T07:11:10Z", "links": "https://access.redhat.com/security/cve/CVE-2026-33056 https://bugzilla.redhat.com/show_bug.cgi?id=2449490 https://www.cve.org/CVERecord?id=CVE-2026-33056 https://nvd.nist.gov/vuln/detail/CVE-2026-33056 https://github.com/alexcrichton/tar-rs/commit/17b1fd84e632071cb8eef9d3709bf347bd266446 https://github.com/alexcrichton/tar-rs/security/advisories/GHSA-j4xf-2g29-59ph https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-33056.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "tar", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "XXiaw1EwhFkuilI94EKiqQ==": { "id": "XXiaw1EwhFkuilI94EKiqQ==", "updater": "rhel-vex", "name": "CVE-2026-5713", "description": "A flaw was found in Python. A malicious Python process could exploit the \"profiling.sampling\" module and \"asyncio introspection capabilities\" to read and write memory addresses within a privileged process. This vulnerability occurs when the privileged process connects to the malicious process via its remote debugging feature, potentially leading to information disclosure and arbitrary code execution. Successful exploitation requires repeated connections, which may cause instability in the connecting process.", "issued": "2026-04-14T15:11:51Z", "links": "https://access.redhat.com/security/cve/CVE-2026-5713 https://bugzilla.redhat.com/show_bug.cgi?id=2458239 https://www.cve.org/CVERecord?id=CVE-2026-5713 https://nvd.nist.gov/vuln/detail/CVE-2026-5713 https://github.com/python/cpython/issues/148178 https://github.com/python/cpython/pull/148187 https://mail.python.org/archives/list/security-announce@python.org/thread/OG4RHARYSNIE22GGOMVMCRH76L5HKPLM/ https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-5713.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python3", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "XbpXfbeApuDuIKvY0/qWiA==": { "id": "XbpXfbeApuDuIKvY0/qWiA==", "updater": "rhel-vex", "name": "CVE-2026-3731", "description": "A flaw was found in libssh. A remote attacker could trigger an out-of-bounds read vulnerability in the SFTP Extension Name Handler by manipulating the `idx` argument in the `sftp_extensions_get_name` or `sftp_extensions_get_data` functions. This could lead to a Denial of Service (DoS), making the affected system unresponsive.", "issued": "2026-03-08T10:32:19Z", "links": "https://access.redhat.com/security/cve/CVE-2026-3731 https://bugzilla.redhat.com/show_bug.cgi?id=2445579 https://www.cve.org/CVERecord?id=CVE-2026-3731 https://nvd.nist.gov/vuln/detail/CVE-2026-3731 https://gitlab.com/libssh/libssh-mirror/-/commit/855a0853ad3abd4a6cd85ce06fce6d8d4c7a0b60 https://vuldb.com/?ctiid.349709 https://vuldb.com/?id.349709 https://vuldb.com/?submit.767120 https://www.libssh.org/files/0.12/libssh-0.12.0.tar.xz https://www.libssh.org/security/advisories/libssh-2026-sftp-extensions.txt https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-3731.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "libssh", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "XygysGe2kdlyCRQHM1fu3w==": { "id": "XygysGe2kdlyCRQHM1fu3w==", "updater": "rhel-vex", "name": "CVE-2025-5917", "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", "issued": "2025-05-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-5917 https://bugzilla.redhat.com/show_bug.cgi?id=2370874 https://www.cve.org/CVERecord?id=CVE-2025-5917 https://nvd.nist.gov/vuln/detail/CVE-2025-5917 https://github.com/libarchive/libarchive/pull/2588 https://github.com/libarchive/libarchive/releases/tag/v3.8.0 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-5917.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libarchive", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "YiJlkUTKf0/7+ORZMmQ2cw==": { "id": "YiJlkUTKf0/7+ORZMmQ2cw==", "updater": "rhel-vex", "name": "CVE-2025-25724", "description": "A flaw was found in the libarchive package. Affected versions of libarchive do not check a strftime return value, which can lead to a denial of service or unspecified other impacts via a crafted TAR archive that is read with a verbose value of 2. For example, the 100-byte buffer may not be sufficient for a custom locale.", "issued": "2025-03-02T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-25724 https://bugzilla.redhat.com/show_bug.cgi?id=2349221 https://www.cve.org/CVERecord?id=CVE-2025-25724 https://nvd.nist.gov/vuln/detail/CVE-2025-25724 https://gist.github.com/Ekkosun/a83870ce7f3b7813b9b462a395e8ad92 https://github.com/Ekkosun/pocs/blob/main/bsdtarbug https://github.com/libarchive/libarchive/blob/b439d586f53911c84be5e380445a8a259e19114c/tar/util.c#L751-L752 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-25724.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "libarchive", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "YoCxZvEp16Bt9LDv+Ficeg==": { "id": "YoCxZvEp16Bt9LDv+Ficeg==", "updater": "rhel-vex", "name": "CVE-2025-64506", "description": "A buffer over read flaw has been discovered in libpng. A heap buffer over-read vulnerability exists in libpng's png_write_image_8bit function when processing 8-bit images through the simplified write API with convert_to_8bit enabled. The vulnerability affects 8-bit grayscale+alpha, RGB/RGBA, and images with incomplete row data. A conditional guard incorrectly allows 8-bit input to enter code expecting 16-bit input, causing reads up to 2 bytes beyond allocated buffer boundaries.", "issued": "2025-11-24T23:41:09Z", "links": "https://access.redhat.com/security/cve/CVE-2025-64506 https://bugzilla.redhat.com/show_bug.cgi?id=2416906 https://www.cve.org/CVERecord?id=CVE-2025-64506 https://nvd.nist.gov/vuln/detail/CVE-2025-64506 https://github.com/pnggroup/libpng/commit/2bd84c019c300b78e811743fbcddb67c9d9bf821 https://github.com/pnggroup/libpng/pull/749 https://github.com/pnggroup/libpng/security/advisories/GHSA-qpr4-xm66-hww6 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-64506.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "java-17-openjdk", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "ZTGiJlkqcqrCLJSY/Sq8lA==": { "id": "ZTGiJlkqcqrCLJSY/Sq8lA==", "updater": "rhel-vex", "name": "CVE-2020-19186", "description": "A flaw has been identified in the ncurses library. This issue occurs when processing a crafted terminfo database, causing a buffer over-read, resulting in an application crash.", "issued": "2019-05-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2020-19186 https://bugzilla.redhat.com/show_bug.cgi?id=2234908 https://www.cve.org/CVERecord?id=CVE-2020-19186 https://nvd.nist.gov/vuln/detail/CVE-2020-19186 https://security.access.redhat.com/data/csaf/v2/vex/2020/cve-2020-19186.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "ncurses", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "ZdcpNqfrXAb14fwUEQLWGQ==": { "id": "ZdcpNqfrXAb14fwUEQLWGQ==", "updater": "rhel-vex", "name": "CVE-2026-41254", "description": "A flaw was found in Little CMS. An integer overflow in the `CubeSize` function within `cmslut.c` occurs because the overflow check is performed after the multiplication. An attacker could exploit this vulnerability by providing a specially crafted input, potentially leading to information disclosure or a denial of service (DoS), which makes the system unavailable to legitimate users.", "issued": "2026-04-18T06:43:13Z", "links": "https://access.redhat.com/security/cve/CVE-2026-41254 https://bugzilla.redhat.com/show_bug.cgi?id=2459420 https://www.cve.org/CVERecord?id=CVE-2026-41254 https://nvd.nist.gov/vuln/detail/CVE-2026-41254 https://abhinavagarwal07.github.io/posts/lcms2-cubesize-overflow/ https://github.com/mm2/Little-CMS/commit/da6110b1d14abc394633a388209abd5ebedd7ab0 https://github.com/mm2/Little-CMS/commit/e0641b1828d0a1af5ecb1b11fe22f24fceefd4bc https://github.com/mm2/Little-CMS/security/advisories/GHSA-4xp6-rcgg-m9qq https://www.openwall.com/lists/oss-security/2026/04/17/16 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-41254.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "java-17-openjdk", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "ZkEez7f24VNVhTaTCDhuEg==": { "id": "ZkEez7f24VNVhTaTCDhuEg==", "updater": "rhel-vex", "name": "CVE-2025-15468", "description": "A flaw was found in openssl. A remote attacker could trigger a NULL pointer dereference by sending an unknown or unsupported cipher ID during the client hello callback in applications using the QUIC (Quick UDP Internet Connections) protocol. This vulnerability, occurring when the SSL_CIPHER_find() function is called in this specific context, leads to an abnormal termination of the running process, causing a Denial of Service (DoS).", "issued": "2026-01-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-15468 https://bugzilla.redhat.com/show_bug.cgi?id=2430377 https://www.cve.org/CVERecord?id=CVE-2025-15468 https://nvd.nist.gov/vuln/detail/CVE-2025-15468 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-15468.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "ZlxfTVb/4bi6yWQ+JLaOnw==": { "id": "ZlxfTVb/4bi6yWQ+JLaOnw==", "updater": "rhel-vex", "name": "CVE-2026-2297", "description": "A flaw was found in CPython. This vulnerability allows a local user with low privileges to bypass security auditing mechanisms. The issue occurs because the SourcelessFileLoader component, responsible for handling older Python compiled files (.pyc), does not properly trigger system audit events. This oversight could enable malicious activities to go undetected, compromising the integrity of the system.", "issued": "2026-03-04T22:10:43Z", "links": "https://access.redhat.com/security/cve/CVE-2026-2297 https://bugzilla.redhat.com/show_bug.cgi?id=2444691 https://www.cve.org/CVERecord?id=CVE-2026-2297 https://nvd.nist.gov/vuln/detail/CVE-2026-2297 https://github.com/python/cpython/commit/482d6f8bdba9da3725d272e8bb4a2d25fb6a603e https://github.com/python/cpython/commit/a51b1b512de1d56b3714b65628a2eae2b07e535e https://github.com/python/cpython/commit/e58e9802b9bec5cdbf48fc9bf1da5f4fda482e86 https://github.com/python/cpython/issues/145506 https://github.com/python/cpython/pull/145507 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-2297.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "python3", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "Znm2hdK/FULQhTTGTVX59Q==": { "id": "Znm2hdK/FULQhTTGTVX59Q==", "updater": "rhel-vex", "name": "CVE-2026-3783", "description": "A flaw was found in curl. When an OAuth2 bearer token is used for an HTTP(S) transfer that redirects to a second URL, curl could unintentionally leak the token. This occurs if the second hostname has entries in the `.netrc` file, allowing the bearer token intended for the first host to be sent to the redirected host. This information disclosure could allow an attacker to gain unauthorized access.", "issued": "2026-03-11T10:09:08Z", "links": "https://access.redhat.com/security/cve/CVE-2026-3783 https://bugzilla.redhat.com/show_bug.cgi?id=2446450 https://www.cve.org/CVERecord?id=CVE-2026-3783 https://nvd.nist.gov/vuln/detail/CVE-2026-3783 http://www.openwall.com/lists/oss-security/2026/03/11/2 https://curl.se/docs/CVE-2026-3783.html https://curl.se/docs/CVE-2026-3783.json https://hackerone.com/reports/3583983 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-3783.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "curl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "Zp5q2R9PHTn/pmrn158k9A==": { "id": "Zp5q2R9PHTn/pmrn158k9A==", "updater": "rhel-vex", "name": "CVE-2026-41989", "description": "A flaw was found in Libgcrypt. A remote attacker could exploit this vulnerability by sending crafted Elliptic Curve Diffie-Hellman (ECDH) ciphertext to the `gcry_pk_decrypt` function. This can lead to a heap-based buffer overflow, potentially causing a denial of service (DoS) condition.", "issued": "2026-04-23T04:30:26Z", "links": "https://access.redhat.com/security/cve/CVE-2026-41989 https://bugzilla.redhat.com/show_bug.cgi?id=2461063 https://www.cve.org/CVERecord?id=CVE-2026-41989 https://nvd.nist.gov/vuln/detail/CVE-2026-41989 https://dev.gnupg.org/T8211 https://lists.gnupg.org/pipermail/gnupg-announce/2026q2/000503.html https://www.openwall.com/lists/oss-security/2026/04/21/1 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-41989.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libgcrypt", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "Zp9+pixFuNBueE2yO610gQ==": { "id": "Zp9+pixFuNBueE2yO610gQ==", "updater": "rhel-vex", "name": "CVE-2024-56433", "description": "A flaw was found in shadow-utils. Affected versions of shadow-utils establish a default /etc/subuid behavior, for example, uid 100000 through 165535 for the first user account, that can conflict with the uids of users defined on locally administered networks. This issue potentially leads to account takeover by leveraging newuidmap for access to an NFS home directory or same-host resources for remote logins by these local network users.", "issued": "2024-12-26T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-56433 https://bugzilla.redhat.com/show_bug.cgi?id=2334165 https://www.cve.org/CVERecord?id=CVE-2024-56433 https://nvd.nist.gov/vuln/detail/CVE-2024-56433 https://github.com/shadow-maint/shadow/blob/e2512d5741d4a44bdd81a8c2d0029b6222728cf0/etc/login.defs#L238-L241 https://github.com/shadow-maint/shadow/issues/1157 https://github.com/shadow-maint/shadow/releases/tag/4.4 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-56433.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "shadow-utils", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "ZvX4VR3jvMBd1Wq+RxNTgg==": { "id": "ZvX4VR3jvMBd1Wq+RxNTgg==", "updater": "rhel-vex", "name": "CVE-2020-35512", "description": "A use-after-free flaw was found in D-Bus when a system has multiple usernames sharing the same UID. When a set of policy rules references these usernames, D-Bus may free some memory in the heap, which is still used by data structures necessary for the other usernames sharing the UID, possibly leading to a crash or other undefined behaviors.", "issued": "2020-06-30T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2020-35512 https://bugzilla.redhat.com/show_bug.cgi?id=1909101 https://www.cve.org/CVERecord?id=CVE-2020-35512 https://nvd.nist.gov/vuln/detail/CVE-2020-35512 https://security.access.redhat.com/data/csaf/v2/vex/2020/cve-2020-35512.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "dbus", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "a067YUjLHWzR99JNl/RtGQ==": { "id": "a067YUjLHWzR99JNl/RtGQ==", "updater": "rhel-vex", "name": "CVE-2025-4598", "description": "A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process.\n\nA SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.", "issued": "2025-05-29T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-4598 https://bugzilla.redhat.com/show_bug.cgi?id=2369242 https://www.cve.org/CVERecord?id=CVE-2025-4598 https://nvd.nist.gov/vuln/detail/CVE-2025-4598 https://www.openwall.com/lists/oss-security/2025/05/29/3 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-4598.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "systemd", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "avzu5SRbIjcduH4QdmZ1gg==": { "id": "avzu5SRbIjcduH4QdmZ1gg==", "updater": "rhel-vex", "name": "CVE-2026-0966", "description": "The API function `ssh_get_hexa()` is vulnerable, when 0-lenght\ninput is provided to this function. This function is used internally\nin `ssh_get_fingerprint_hash()` and `ssh_print_hexa()` (deprecated),\nwhich is vulnerable to the same input (length is provided by the\ncalling application).\n\nThe function is also used internally in the gssapi code for logging\nthe OIDs received by the server during GSSAPI authentication. This\ncould be triggered remotely, when the server allows GSSAPI authentication\nand logging verbosity is set at least to SSH_LOG_PACKET (3). This\ncould cause self-DoS of the per-connection daemon process.", "issued": "2026-02-10T18:47:15Z", "links": "https://access.redhat.com/security/cve/CVE-2026-0966 https://bugzilla.redhat.com/show_bug.cgi?id=2433121 https://www.cve.org/CVERecord?id=CVE-2026-0966 https://nvd.nist.gov/vuln/detail/CVE-2026-0966 https://www.libssh.org/2026/02/10/libssh-0-12-0-and-0-11-4-security-releases/ https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-0966.json", "severity": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "libssh", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "cCowLuOsLfTMmPFOoqUVww==": { "id": "cCowLuOsLfTMmPFOoqUVww==", "updater": "rhel-vex", "name": "CVE-2024-0397", "description": "A vulnerability was found in Python. A defect was discovered in the Python “ssl” module where there is a memory race condition with the ssl.SSLContext methods “cert_store_stats()” and “get_ca_certs()”. The race condition can be triggered if the methods are called at the same time that certificates are loaded into the SSLContext, such as during the TLS handshake with a configured certificate directory.", "issued": "2024-06-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-0397 https://bugzilla.redhat.com/show_bug.cgi?id=2301891 https://www.cve.org/CVERecord?id=CVE-2024-0397 https://nvd.nist.gov/vuln/detail/CVE-2024-0397 https://mail.python.org/archives/list/security-announce@python.org/thread/BMAK5BCGKYWNJOACVUSLUF6SFGBIM4VP/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-0397.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "python3", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "cW+DgNrGAeRAwNB4wrDZhw==": { "id": "cW+DgNrGAeRAwNB4wrDZhw==", "updater": "rhel-vex", "name": "CVE-2026-22695", "description": "A flaw was found in libpng, a reference library for processing PNG (Portable Network Graphics) image files. A local attacker could exploit a heap buffer over-read vulnerability in the `png_image_finish_read` function by tricking a user into processing a specially crafted interlaced 16-bit PNG file with an 8-bit output format and non-minimal row stride. This could lead to a denial of service (DoS) and potentially information disclosure.", "issued": "2026-01-12T22:55:40Z", "links": "https://access.redhat.com/security/cve/CVE-2026-22695 https://bugzilla.redhat.com/show_bug.cgi?id=2428825 https://www.cve.org/CVERecord?id=CVE-2026-22695 https://nvd.nist.gov/vuln/detail/CVE-2026-22695 https://github.com/pnggroup/libpng/commit/218612ddd6b17944e21eda56caf8b4bf7779d1ea https://github.com/pnggroup/libpng/commit/e4f7ad4ea2 https://github.com/pnggroup/libpng/issues/778 https://github.com/pnggroup/libpng/security/advisories/GHSA-mmq5-27w3-rxpp https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-22695.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "java-17-openjdk", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "cqYWiTibDLM7aibErMKang==": { "id": "cqYWiTibDLM7aibErMKang==", "updater": "rhel-vex", "name": "CVE-2026-4437", "description": "A flaw was found in glibc (the GNU C Library). When an application uses the `gethostbyaddr` or `gethostbyaddr_r` functions with a `nsswitch.conf` configuration that specifies glibc's DNS backend, a remote attacker can send a specially crafted DNS (Domain Name System) response. This crafted response can cause the application to incorrectly interpret a non-answer section of the DNS response as a valid answer, leading to potential misbehavior or incorrect information processing.", "issued": "2026-03-20T19:59:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-4437 https://bugzilla.redhat.com/show_bug.cgi?id=2449777 https://www.cve.org/CVERecord?id=CVE-2026-4437 https://nvd.nist.gov/vuln/detail/CVE-2026-4437 https://sourceware.org/bugzilla/show_bug.cgi?id=34014 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-4437.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "crmilTSJ/pTSPBKY9EJmZg==": { "id": "crmilTSJ/pTSPBKY9EJmZg==", "updater": "rhel-vex", "name": "CVE-2025-14524", "description": "A flaw was found in curl. When an OAuth2 (Open Authorization) bearer token is used for an HTTP(S) transfer, and that transfer performs a cross-protocol redirect to a different scheme like IMAP, LDAP, POP3, or SMTP, curl might incorrectly pass the bearer token to the new target host. This could lead to information disclosure, where sensitive authentication tokens are exposed to unintended recipients.", "issued": "2026-01-07T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-14524 https://bugzilla.redhat.com/show_bug.cgi?id=2426407 https://www.cve.org/CVERecord?id=CVE-2025-14524 https://nvd.nist.gov/vuln/detail/CVE-2025-14524 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-14524.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "curl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "dYucp/SettSQd/Hpukj6pA==": { "id": "dYucp/SettSQd/Hpukj6pA==", "updater": "rhel-vex", "name": "CVE-2026-5545", "description": "A flaw was found in libcurl. An application using libcurl that performs an authenticated HTTP(S) request after a Negotiate-authenticated one to the same host may incorrectly reuse the previous connection. This authentication bypass vulnerability allows the second request to be sent over a connection authenticated with different credentials, potentially leading to unauthorized access or information disclosure.", "issued": "2026-04-29T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-5545 https://bugzilla.redhat.com/show_bug.cgi?id=2461204 https://www.cve.org/CVERecord?id=CVE-2026-5545 https://nvd.nist.gov/vuln/detail/CVE-2026-5545 https://curl.se/docs/CVE-2026-5545.html https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-5545.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "curl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "eCNdMtt9JN2Rrb8I23NIsA==": { "id": "eCNdMtt9JN2Rrb8I23NIsA==", "updater": "rhel-vex", "name": "CVE-2026-34990", "description": "A flaw was found in OpenPrinting CUPS. A local unprivileged user can exploit this vulnerability by coercing the `cupsd` service to authenticate to an attacker-controlled Internet Printing Protocol (IPP) service. This allows the user to create a persistent printer queue that can overwrite arbitrary files with root privileges. Successful exploitation can lead to privilege escalation and arbitrary root command execution.", "issued": "2026-04-03T21:14:09Z", "links": "https://access.redhat.com/security/cve/CVE-2026-34990 https://bugzilla.redhat.com/show_bug.cgi?id=2454947 https://www.cve.org/CVERecord?id=CVE-2026-34990 https://nvd.nist.gov/vuln/detail/CVE-2026-34990 https://github.com/OpenPrinting/cups/security/advisories/GHSA-c54j-2vqw-wpwp https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-34990.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "cups", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "eqoqeJN8gMUINJLH2PXP7g==": { "id": "eqoqeJN8gMUINJLH2PXP7g==", "updater": "rhel-vex", "name": "CVE-2018-1000654", "description": "GNU Libtasn1-4.13 libtasn1-4.13 version libtasn1-4.13, libtasn1-4.12 contains a DoS, specifically CPU usage will reach 100% when running asn1Paser against the POC due to an issue in _asn1_expand_object_id(p_tree), after a long time, the program will be killed. This attack appears to be exploitable via parsing a crafted file.", "issued": "2018-08-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2018-1000654 https://bugzilla.redhat.com/show_bug.cgi?id=1621972 https://www.cve.org/CVERecord?id=CVE-2018-1000654 https://nvd.nist.gov/vuln/detail/CVE-2018-1000654 https://security.access.redhat.com/data/csaf/v2/vex/2018/cve-2018-1000654.json", "severity": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libtasn1", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "fT6cIVRM+743nfHJKo4yuQ==": { "id": "fT6cIVRM+743nfHJKo4yuQ==", "updater": "rhel-vex", "name": "CVE-2026-6429", "description": "A flaw was found in libcurl. When configured to use a .netrc file for credentials and follow HTTP redirects, libcurl can inadvertently send the password from the initial connection to the redirected host. This sensitive information disclosure occurs when both the original and redirect URLs use clear text HTTP, are performed over the same HTTP proxy, and the same connection is reused. This vulnerability, categorized as an Exposure of Sensitive Information to an Unauthorized Actor (CWE-200), could allow an attacker to obtain user credentials.", "issued": "2026-04-29T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-6429 https://bugzilla.redhat.com/show_bug.cgi?id=2461205 https://www.cve.org/CVERecord?id=CVE-2026-6429 https://nvd.nist.gov/vuln/detail/CVE-2026-6429 https://curl.se/docs/CVE-2026-6429.html https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-6429.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "curl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "fXpWtuXNPi3tb2edhk37bw==": { "id": "fXpWtuXNPi3tb2edhk37bw==", "updater": "rhel-vex", "name": "CVE-2024-2236", "description": "A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.", "issued": "2024-03-06T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-2236 https://bugzilla.redhat.com/show_bug.cgi?id=2245218 https://www.cve.org/CVERecord?id=CVE-2024-2236 https://nvd.nist.gov/vuln/detail/CVE-2024-2236 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2236.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "libgcrypt", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "fayrPya6DVXP9weWvA6obQ==": { "id": "fayrPya6DVXP9weWvA6obQ==", "updater": "rhel-vex", "name": "CVE-2024-7264", "description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", "issued": "2024-07-31T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-7264 https://bugzilla.redhat.com/show_bug.cgi?id=2301888 https://www.cve.org/CVERecord?id=CVE-2024-7264 https://nvd.nist.gov/vuln/detail/CVE-2024-7264 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7264.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "curl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "fvGjL9hw9hDQockMTb7lrA==": { "id": "fvGjL9hw9hDQockMTb7lrA==", "updater": "rhel-vex", "name": "CVE-2021-4209", "description": "A NULL pointer dereference flaw was found in GnuTLS. As Nettle's hash update functions internally call memcpy, providing zero-length input may cause undefined behavior. This flaw leads to a denial of service after authentication in rare circumstances.", "issued": "2021-12-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-4209 https://bugzilla.redhat.com/show_bug.cgi?id=2044156 https://www.cve.org/CVERecord?id=CVE-2021-4209 https://nvd.nist.gov/vuln/detail/CVE-2021-4209 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-4209.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "gnutls", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "gaFOKxy9D9KR/Iyd+kDZoA==": { "id": "gaFOKxy9D9KR/Iyd+kDZoA==", "updater": "rhel-vex", "name": "CVE-2025-50182", "description": "A flaw was found in urllib3. The library fails to properly validate redirect URLs, allowing an attacker to manipulate redirect chains when used in environments like Pyodide utilizing the JavaScript Fetch API. This lack of validation can enable a remote attacker to control the redirect destination, leading to arbitrary URL redirection. Consequently, an attacker can redirect users to malicious websites. This \nvulnerability stems from a failure to constrain the redirect target.", "issued": "2025-06-19T01:42:44Z", "links": "https://access.redhat.com/security/cve/CVE-2025-50182 https://bugzilla.redhat.com/show_bug.cgi?id=2373800 https://www.cve.org/CVERecord?id=CVE-2025-50182 https://nvd.nist.gov/vuln/detail/CVE-2025-50182 https://github.com/urllib3/urllib3/commit/7eb4a2aafe49a279c29b6d1f0ed0f42e9736194f https://github.com/urllib3/urllib3/security/advisories/GHSA-48p4-8xcf-vxj5 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-50182.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python-pip", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "gagftKXuSuh9pi4dRu9yPQ==": { "id": "gagftKXuSuh9pi4dRu9yPQ==", "updater": "rhel-vex", "name": "CVE-2024-2511", "description": "A flaw was found in OpenSSL. A malicious client can trigger an uncontrolled memory consumption, resulting in a Denial of Service. This issue occurs due to OpenSSL's TLSv1.3 session cache going into an incorrect state, leading to it failing to flush properly as it fills. OpenSSL must be configured with the non-default SSL_OP_NO_TICKET option enabled to be vulnerable. This issue only affects TLSv1.3 servers, while TLS clients are not affected.", "issued": "2024-04-08T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-2511 https://bugzilla.redhat.com/show_bug.cgi?id=2274020 https://www.cve.org/CVERecord?id=CVE-2024-2511 https://nvd.nist.gov/vuln/detail/CVE-2024-2511 https://www.openssl.org/news/vulnerabilities.html https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2511.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "h6rS2s3xilGaG0a+pIjl8A==": { "id": "h6rS2s3xilGaG0a+pIjl8A==", "updater": "rhel-vex", "name": "CVE-2026-3644", "description": "A control character validation flaw has been discovered in the Python http.cookie module. The Morsel.update(), |= operator, and unpickling paths were not patched to resolve CVE-2026-0672, allowing control characters to bypass input validation. Additionally, BaseCookie.js_output() lacked the output validation applied to BaseCookie.output().", "issued": "2026-03-16T17:37:31Z", "links": "https://access.redhat.com/security/cve/CVE-2026-3644 https://bugzilla.redhat.com/show_bug.cgi?id=2448168 https://www.cve.org/CVERecord?id=CVE-2026-3644 https://nvd.nist.gov/vuln/detail/CVE-2026-3644 https://github.com/python/cpython/commit/57e88c1cf95e1481b94ae57abe1010469d47a6b4 https://github.com/python/cpython/issues/145599 https://github.com/python/cpython/pull/145600 https://mail.python.org/archives/list/security-announce@python.org/thread/H6CADMBCDRFGWCMOXWUIHFJNV43GABJ7/ https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-3644.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python3", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "hfBpyVezkUAf98QWnlvzIA==": { "id": "hfBpyVezkUAf98QWnlvzIA==", "updater": "rhel-vex", "name": "CVE-2026-34743", "description": "A flaw was found in XZ Utils. When the `lzma_index_decoder()` function processes an empty index, and a subsequent `lzma_index_append()` operation is performed, insufficient memory is allocated. This can lead to a buffer overflow, potentially causing a denial of service (DoS) for affected systems.", "issued": "2026-04-02T18:36:37Z", "links": "https://access.redhat.com/security/cve/CVE-2026-34743 https://bugzilla.redhat.com/show_bug.cgi?id=2454589 https://www.cve.org/CVERecord?id=CVE-2026-34743 https://nvd.nist.gov/vuln/detail/CVE-2026-34743 https://github.com/tukaani-project/xz/commit/c8c22869e780ff57c96b46939c3d79ff99395f87 https://github.com/tukaani-project/xz/releases/tag/v5.8.3 https://github.com/tukaani-project/xz/security/advisories/GHSA-x872-m794-cxhv https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-34743.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "xz", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "hkP7fdNBNcMv5alTtw0c+Q==": { "id": "hkP7fdNBNcMv5alTtw0c+Q==", "updater": "rhel-vex", "name": "CVE-2025-13151", "description": "A flaw was found in libtasn1. A remote attacker could exploit a stack-based buffer overflow vulnerability in the `asn1_expend_octet_string` function. This occurs due to a failure in validating the size of input data. Successful exploitation can lead to a Denial of Service (DoS) condition, making the affected system or application unavailable.", "issued": "2026-01-07T21:14:05Z", "links": "https://access.redhat.com/security/cve/CVE-2025-13151 https://bugzilla.redhat.com/show_bug.cgi?id=2427698 https://www.cve.org/CVERecord?id=CVE-2025-13151 https://nvd.nist.gov/vuln/detail/CVE-2025-13151 https://gitlab.com/gnutls/libtasn1 https://gitlab.com/gnutls/libtasn1/-/merge_requests/121 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-13151.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "libtasn1", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "ho4M6//kfDyE5kZ9fbpV0g==": { "id": "ho4M6//kfDyE5kZ9fbpV0g==", "updater": "rhel-vex", "name": "CVE-2025-14819", "description": "A flaw was found in libcurl. When handling secure connections (TLS) and reusing connection settings, libcurl could incorrectly apply a cached security setting related to certificate chain validation. This could allow libcurl to accept a server's security certificate that it should have otherwise rejected, potentially compromising the integrity of the secure connection.", "issued": "2026-01-07T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-14819 https://bugzilla.redhat.com/show_bug.cgi?id=2426408 https://www.cve.org/CVERecord?id=CVE-2025-14819 https://nvd.nist.gov/vuln/detail/CVE-2025-14819 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-14819.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "curl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "iEGZHZXt8HWPSM5eJesddQ==": { "id": "iEGZHZXt8HWPSM5eJesddQ==", "updater": "rhel-vex", "name": "CVE-2025-7039", "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", "issued": "2025-07-02T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-7039 https://bugzilla.redhat.com/show_bug.cgi?id=2392423 https://www.cve.org/CVERecord?id=CVE-2025-7039 https://nvd.nist.gov/vuln/detail/CVE-2025-7039 https://gitlab.gnome.org/GNOME/glib/-/issues/3716 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-7039.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "glib2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "icj6a8bc4dYK/DJNvkU0+A==": { "id": "icj6a8bc4dYK/DJNvkU0+A==", "updater": "rhel-vex", "name": "CVE-2022-41409", "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "issued": "2023-07-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-41409 https://bugzilla.redhat.com/show_bug.cgi?id=2260814 https://www.cve.org/CVERecord?id=CVE-2022-41409 https://nvd.nist.gov/vuln/detail/CVE-2022-41409 https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35 https://github.com/PCRE2Project/pcre2/issues/141 https://github.com/advisories/GHSA-4qfx-v7wh-3q4j https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-41409.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "pcre2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "ieASPdYzGxWke8nZZhE02Q==": { "id": "ieASPdYzGxWke8nZZhE02Q==", "updater": "rhel-vex", "name": "CVE-2018-20657", "description": "A vulnerability was found in the demangle_template function in GNU libiberty, as distributed in GNU Binutils, where a memory leak could occur, a specially crafted file could cause the application to consume excessive memory, potentially leading to a crash.", "issued": "2018-12-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2018-20657 https://bugzilla.redhat.com/show_bug.cgi?id=1664708 https://www.cve.org/CVERecord?id=CVE-2018-20657 https://nvd.nist.gov/vuln/detail/CVE-2018-20657 https://security.access.redhat.com/data/csaf/v2/vex/2018/cve-2018-20657.json", "severity": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "gcc", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "j1KIfSLRyAo+5FqbDzJbtg==": { "id": "j1KIfSLRyAo+5FqbDzJbtg==", "updater": "rhel-vex", "name": "CVE-2025-5278", "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", "issued": "2025-05-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-5278 https://bugzilla.redhat.com/show_bug.cgi?id=2368764 https://www.cve.org/CVERecord?id=CVE-2025-5278 https://nvd.nist.gov/vuln/detail/CVE-2025-5278 https://cgit.git.savannah.gnu.org/cgit/coreutils.git/commit/?id=8c9602e3a145e9596dc1a63c6ed67865814b6633 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-5278.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "coreutils", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "jguV9kU5iHC5V/cF3+b/tg==": { "id": "jguV9kU5iHC5V/cF3+b/tg==", "updater": "rhel-vex", "name": "CVE-2025-3360", "description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", "issued": "2025-04-07T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-3360 https://bugzilla.redhat.com/show_bug.cgi?id=2357754 https://www.cve.org/CVERecord?id=CVE-2025-3360 https://nvd.nist.gov/vuln/detail/CVE-2025-3360 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-3360.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "glib2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "jw1ZiDut5Ot+DyVFjCrixg==": { "id": "jw1ZiDut5Ot+DyVFjCrixg==", "updater": "rhel-vex", "name": "CVE-2020-19188", "description": "A flaw was found in the ncurses library. This issue occurs when processing a crafted terminfo database, causing a stack-based buffer overflow, resulting in an application crash, leading to a denial of service.", "issued": "2019-05-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2020-19188 https://bugzilla.redhat.com/show_bug.cgi?id=2234913 https://www.cve.org/CVERecord?id=CVE-2020-19188 https://nvd.nist.gov/vuln/detail/CVE-2020-19188 https://security.access.redhat.com/data/csaf/v2/vex/2020/cve-2020-19188.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "ncurses", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "kCsMurCi7F77HxJoLqd9jA==": { "id": "kCsMurCi7F77HxJoLqd9jA==", "updater": "rhel-vex", "name": "CVE-2026-34978", "description": "A flaw was found in OpenPrinting CUPS. A remote attacker can exploit a path traversal vulnerability in the RSS notifier by manipulating the `notify-recipient-uri`. This allows writing arbitrary RSS XML data to sensitive files outside the intended directory. This can lead to a denial of service (DoS) by corrupting critical system files, such as the job cache, causing the scheduler to fail and previously queued jobs to disappear.", "issued": "2026-04-03T21:15:15Z", "links": "https://access.redhat.com/security/cve/CVE-2026-34978 https://bugzilla.redhat.com/show_bug.cgi?id=2454957 https://www.cve.org/CVERecord?id=CVE-2026-34978 https://nvd.nist.gov/vuln/detail/CVE-2026-34978 https://github.com/OpenPrinting/cups/security/advisories/GHSA-f53q-7mxp-9gcr https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-34978.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "cups", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "kYYDrncBncmKkmFnSd5t3w==": { "id": "kYYDrncBncmKkmFnSd5t3w==", "updater": "rhel-vex", "name": "CVE-2017-6519", "description": "avahi-daemon in Avahi through 0.6.32 and 0.7 inadvertently responds to IPv6 unicast queries with source addresses that are not on-link, which allows remote attackers to cause a denial of service (traffic amplification) and may cause information leakage by obtaining potentially sensitive information from the responding device via port-5353 UDP packets. NOTE: this may overlap CVE-2015-2809.", "issued": "2015-03-31T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2017-6519 https://bugzilla.redhat.com/show_bug.cgi?id=1426712 https://www.cve.org/CVERecord?id=CVE-2017-6519 https://nvd.nist.gov/vuln/detail/CVE-2017-6519 https://www.kb.cert.org/vuls/id/550620 https://security.access.redhat.com/data/csaf/v2/vex/2017/cve-2017-6519.json", "severity": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "avahi", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "klCkJxhhNVG564GOUQMh+Q==": { "id": "klCkJxhhNVG564GOUQMh+Q==", "updater": "rhel-vex", "name": "CVE-2026-5745", "description": "A flaw was found in libarchive. A NULL pointer dereference vulnerability exists in the ACL parsing logic, specifically within the archive_acl_from_text_nl() function. When processing a malformed ACL string (such as a bare \"d\" or \"default\" tag without subsequent fields), the function fails to perform adequate validation before advancing the pointer. An attacker can exploit this by providing a maliciously crafted archive, causing an application utilizing the libarchive API (such as bsdtar) to crash, resulting in a Denial of Service (DoS).", "issued": "2026-04-07T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-5745 https://bugzilla.redhat.com/show_bug.cgi?id=2455921 https://www.cve.org/CVERecord?id=CVE-2026-5745 https://nvd.nist.gov/vuln/detail/CVE-2026-5745 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-5745.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libarchive", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "m8ueKfgkaYIYTU+xtIQcwA==": { "id": "m8ueKfgkaYIYTU+xtIQcwA==", "updater": "rhel-vex", "name": "CVE-2022-3857", "description": "[REJECTED CVE] A issue has been identified with libpng in png_setup_paeth_row() function. A crafted PNG image from a n attacker can lead to a segmentation fault and Denial of service.", "issued": "2022-11-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-3857 https://bugzilla.redhat.com/show_bug.cgi?id=2142600 https://www.cve.org/CVERecord?id=CVE-2022-3857 https://nvd.nist.gov/vuln/detail/CVE-2022-3857 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-3857.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "java-17-openjdk", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "mRazAXjBcgFrTolNDZHDsA==": { "id": "mRazAXjBcgFrTolNDZHDsA==", "updater": "rhel-vex", "name": "CVE-2025-6069", "description": "A denial-of-service (DoS) vulnerability has been discovered in Python's html.parser.HTMLParser class. When processing specially malformed HTML input, the parsing runtime can become quadratic with respect to the input size. This significantly increased processing time can lead to excessive resource consumption, ultimately causing a denial-of-service condition in applications that rely on this parser.", "issued": "2025-06-17T13:39:46Z", "links": "https://access.redhat.com/security/cve/CVE-2025-6069 https://bugzilla.redhat.com/show_bug.cgi?id=2373234 https://www.cve.org/CVERecord?id=CVE-2025-6069 https://nvd.nist.gov/vuln/detail/CVE-2025-6069 https://github.com/python/cpython/commit/4455cbabf991e202185a25a631af206f60bbc949 https://github.com/python/cpython/commit/6eb6c5dbfb528bd07d77b60fd71fd05d81d45c41 https://github.com/python/cpython/commit/d851f8e258c7328814943e923a7df81bca15df4b https://github.com/python/cpython/issues/135462 https://github.com/python/cpython/pull/135464 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-6069.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "python3", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "mouoWVvs12H8FynnB5qIsQ==": { "id": "mouoWVvs12H8FynnB5qIsQ==", "updater": "rhel-vex", "name": "CVE-2019-14250", "description": "This issue resides on libiberty code, a part of binutils, distributed with different versions of RH software. The vulnerability is triggered when the shstrndx (Section Header String Table Index) is zero in the ELF file. This specific condition leads to the integer overflow and subsequent buffer overflow.", "issued": "2019-08-09T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2019-14250 https://bugzilla.redhat.com/show_bug.cgi?id=1739490 https://www.cve.org/CVERecord?id=CVE-2019-14250 https://nvd.nist.gov/vuln/detail/CVE-2019-14250 https://security.access.redhat.com/data/csaf/v2/vex/2019/cve-2019-14250.json", "severity": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "gcc", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "n+SYCf6UN4VyD5OPJagpTA==": { "id": "n+SYCf6UN4VyD5OPJagpTA==", "updater": "rhel-vex", "name": "CVE-2026-33846", "description": "A heap buffer overflow vulnerability exists in the DTLS handshake fragment reassembly logic of GnuTLS. The issue arises in merge_handshake_packet() where incoming handshake fragments are matched and merged based solely on handshake type, without validating that the message_length field remains consistent across all fragments of the same logical message. An attacker can exploit this by sending crafted DTLS fragments with conflicting message_length values, causing the implementation to allocate a buffer based on a smaller initial fragment and subsequently write beyond its bounds using larger, inconsistent fragments. Because the merge operation does not enforce proper bounds checking against the allocated buffer size, this results in an out-of-bounds write on the heap. The vulnerability is remotely exploitable without authentication via the DTLS handshake path and can lead to application crashes or potential memory corruption.", "issued": "2026-05-04T08:53:59Z", "links": "https://access.redhat.com/security/cve/CVE-2026-33846 https://bugzilla.redhat.com/show_bug.cgi?id=2450625 https://www.cve.org/CVERecord?id=CVE-2026-33846 https://nvd.nist.gov/vuln/detail/CVE-2026-33846 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-33846.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "gnutls", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "n83jaRl/T6kiaoMyWtX8xw==": { "id": "n83jaRl/T6kiaoMyWtX8xw==", "updater": "rhel-vex", "name": "CVE-2021-24032", "description": "A flaw was found in zstd. While the final file mode is reflective of the input file, when compressing or uncompressing, the file can temporarily gain greater permissions than the input and potentially leading to security issues (especially if large files are being handled).", "issued": "2021-02-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-24032 https://bugzilla.redhat.com/show_bug.cgi?id=1928090 https://www.cve.org/CVERecord?id=CVE-2021-24032 https://nvd.nist.gov/vuln/detail/CVE-2021-24032 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-24032.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "zstd", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "nYtstWEUOCTbjAlmYOKURA==": { "id": "nYtstWEUOCTbjAlmYOKURA==", "updater": "rhel-vex", "name": "CVE-2025-4516", "description": "A vulnerability has been identified in CPython's bytes.decode() function when used with the \"unicode_escape\" encoding and the \"ignore\" or \"replace\" error handling modes. This flaw can result in the incorrect decoding of byte strings. While this may not directly lead to traditional security breaches like data exfiltration, the resulting unexpected program behavior could introduce instability, logic errors, or unintended side effects within applications that rely on this specific decoding functionality.", "issued": "2025-05-15T13:29:20Z", "links": "https://access.redhat.com/security/cve/CVE-2025-4516 https://bugzilla.redhat.com/show_bug.cgi?id=2366509 https://www.cve.org/CVERecord?id=CVE-2025-4516 https://nvd.nist.gov/vuln/detail/CVE-2025-4516 https://github.com/python/cpython/commit/69b4387f78f413e8c47572a85b3478c47eba8142 https://github.com/python/cpython/commit/9f69a58623bd01349a18ba0c7a9cb1dad6a51e8e https://github.com/python/cpython/issues/133767 https://github.com/python/cpython/pull/129648 https://mail.python.org/archives/list/security-announce@python.org/thread/L75IPBBTSCYEF56I2M4KIW353BB3AY74/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-4516.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "python3", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "ngbKDtxhn33NKWC2lhOQNQ==": { "id": "ngbKDtxhn33NKWC2lhOQNQ==", "updater": "rhel-vex", "name": "CVE-2026-1485", "description": "A flaw was found in Glib's content type parsing logic. This buffer underflow vulnerability occurs because the length of a header line is stored in a signed integer, which can lead to integer wraparound for very large inputs. This results in pointer underflow and out-of-bounds memory access. Exploitation requires a local user to install or process a specially crafted treemagic file, which can lead to local denial of service or application instability.", "issued": "2026-01-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-1485 https://bugzilla.redhat.com/show_bug.cgi?id=2433325 https://www.cve.org/CVERecord?id=CVE-2026-1485 https://nvd.nist.gov/vuln/detail/CVE-2026-1485 https://gitlab.gnome.org/GNOME/glib/-/issues/3871 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-1485.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "glib2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "nhJPQpDYg9We/U8oBJw4JQ==": { "id": "nhJPQpDYg9We/U8oBJw4JQ==", "updater": "rhel-vex", "name": "CVE-2026-6019", "description": "A flaw was found in Python's `http.cookies` module. The `Morsel.js_output()` function, responsible for generating JavaScript output for cookies, does not properly neutralize the `\u003c/script\u003e` HTML sequence. This oversight could allow a remote attacker to inject malicious script into a web page, potentially leading to Cross-Site Scripting (XSS) attacks. Such an attack could result in information disclosure or arbitrary code execution within the user's browser.", "issued": "2026-04-22T19:28:08Z", "links": "https://access.redhat.com/security/cve/CVE-2026-6019 https://bugzilla.redhat.com/show_bug.cgi?id=2460869 https://www.cve.org/CVERecord?id=CVE-2026-6019 https://nvd.nist.gov/vuln/detail/CVE-2026-6019 https://github.com/python/cpython/commit/76b3923d688c0efc580658476c5f525ec8735104 https://github.com/python/cpython/issues/90309 https://github.com/python/cpython/pull/148848 https://mail.python.org/archives/list/security-announce@python.org/thread/IVNWGV2BBNC3RHQAFS22UP4DY56SAXX3/ https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-6019.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python3", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "npBrFSWnZYxq9cizdfDfCQ==": { "id": "npBrFSWnZYxq9cizdfDfCQ==", "updater": "rhel-vex", "name": "CVE-2026-1489", "description": "A flaw was found in GLib. An integer overflow vulnerability in its Unicode case conversion implementation can lead to memory corruption. By processing specially crafted and extremely large Unicode strings, an attacker could trigger an undersized memory allocation, resulting in out-of-bounds writes. This could cause applications utilizing GLib for string conversion to crash or become unstable.", "issued": "2026-01-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-1489 https://bugzilla.redhat.com/show_bug.cgi?id=2433348 https://www.cve.org/CVERecord?id=CVE-2026-1489 https://nvd.nist.gov/vuln/detail/CVE-2026-1489 https://gitlab.gnome.org/GNOME/glib/-/issues/3872 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-1489.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "glib2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "npQpPXYG8xMJ1LRSVSnKGA==": { "id": "npQpPXYG8xMJ1LRSVSnKGA==", "updater": "rhel-vex", "name": "CVE-2025-8114", "description": "A flaw was found in libssh, a library that implements the SSH protocol. When calculating the session ID during the key exchange (KEX) process, an allocation failure in cryptographic functions may lead to a NULL pointer dereference. This issue can cause the client or server to crash.", "issued": "2025-07-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-8114 https://bugzilla.redhat.com/show_bug.cgi?id=2383220 https://www.cve.org/CVERecord?id=CVE-2025-8114 https://nvd.nist.gov/vuln/detail/CVE-2025-8114 https://git.libssh.org/projects/libssh.git/commit/?id=53ac23ded4cb2c5463f6c4cd1525331bd578812d https://git.libssh.org/projects/libssh.git/commit/?id=65f363c9 https://www.libssh.org/security/advisories/CVE-2025-8114.txt https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-8114.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libssh", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "p2qAiuM4AsdQ5J4fBWvbBA==": { "id": "p2qAiuM4AsdQ5J4fBWvbBA==", "updater": "rhel-vex", "name": "CVE-2025-14512", "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", "issued": "2025-12-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-14512 https://bugzilla.redhat.com/show_bug.cgi?id=2421339 https://www.cve.org/CVERecord?id=CVE-2025-14512 https://nvd.nist.gov/vuln/detail/CVE-2025-14512 https://gitlab.gnome.org/GNOME/glib/-/issues/3845 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-14512.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glib2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "pjb5LKdJAfqIzj4N6YBwUQ==": { "id": "pjb5LKdJAfqIzj4N6YBwUQ==", "updater": "rhel-vex", "name": "CVE-2024-11053", "description": "A flaw was found in curl. A logic error when processing credentials from the .netrc file while performing redirects allows the transfer of credentials from the original host to the followed-to host under certain circumstances, leaking the credentials to the followed-to host.", "issued": "2024-12-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-11053 https://bugzilla.redhat.com/show_bug.cgi?id=2331191 https://www.cve.org/CVERecord?id=CVE-2024-11053 https://nvd.nist.gov/vuln/detail/CVE-2024-11053 https://www.oracle.com/security-alerts/cpujan2025.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-11053.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "curl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "qC/lM94bJkHuTCcx6Z47mQ==": { "id": "qC/lM94bJkHuTCcx6Z47mQ==", "updater": "rhel-vex", "name": "CVE-2026-32778", "description": "A flaw was found in libexpat. This vulnerability allows an attacker to trigger a NULL pointer dereference in the `setContext` function. This occurs when the system attempts to retry an operation after an out-of-memory condition, which can lead to a Denial of Service (DoS) for the affected application.", "issued": "2026-03-16T07:02:34Z", "links": "https://access.redhat.com/security/cve/CVE-2026-32778 https://bugzilla.redhat.com/show_bug.cgi?id=2447885 https://www.cve.org/CVERecord?id=CVE-2026-32778 https://nvd.nist.gov/vuln/detail/CVE-2026-32778 https://github.com/libexpat/libexpat/pull/1159 https://github.com/libexpat/libexpat/pull/1163 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-32778.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "expat", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "qS+8YNw5cEHn5bXG24Qmgg==": { "id": "qS+8YNw5cEHn5bXG24Qmgg==", "updater": "rhel-vex", "name": "CVE-2026-5928", "description": "A flaw was found in glibc (GNU C Library). When the `ungetwc` function is called on a file stream using wide characters with specific overlapping single-byte and multi-byte encodings, it may attempt to read data outside of its allocated buffer. This can lead to the unintentional disclosure of sensitive information from memory or cause the program to crash, resulting in a denial of service.", "issued": "2026-04-20T20:37:31Z", "links": "https://access.redhat.com/security/cve/CVE-2026-5928 https://bugzilla.redhat.com/show_bug.cgi?id=2459854 https://www.cve.org/CVERecord?id=CVE-2026-5928 https://nvd.nist.gov/vuln/detail/CVE-2026-5928 https://sourceware.org/bugzilla/show_bug.cgi?id=33998 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-5928.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "qXNASosSuCsudML1MqXPjw==": { "id": "qXNASosSuCsudML1MqXPjw==", "updater": "rhel-vex", "name": "CVE-2023-27534", "description": "A path traversal vulnerability exists in curl \u003c8.0.0 SFTP implementation causes the tilde (~) character to be wrongly replaced when used as a prefix in the first path element, in addition to its intended use as the first element to indicate a path relative to the user's home directory. Attackers can exploit this flaw to bypass filtering or execute arbitrary code by crafting a path like /~2/foo while accessing a server with a specific user.", "issued": "2023-03-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-27534 https://bugzilla.redhat.com/show_bug.cgi?id=2179069 https://www.cve.org/CVERecord?id=CVE-2023-27534 https://nvd.nist.gov/vuln/detail/CVE-2023-27534 https://curl.se/docs/CVE-2023-27534.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-27534.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "curl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "qv1CBAIhzNsoWe8hSWlF1g==": { "id": "qv1CBAIhzNsoWe8hSWlF1g==", "updater": "rhel-vex", "name": "CVE-2026-28390", "description": "A flaw was found in OpenSSL. A remote attacker could exploit this vulnerability by sending a specially crafted Cryptographic Message Syntax (CMS) EnvelopedData message. During the processing of a KeyTransportRecipientInfo with RSA-OAEP encryption, the system attempts to access an optional parameter field without first verifying its presence. This leads to a NULL pointer dereference, which can cause applications processing the attacker-controlled CMS data to crash, resulting in a Denial of Service (DoS).", "issued": "2026-04-07T22:00:54Z", "links": "https://access.redhat.com/security/cve/CVE-2026-28390 https://bugzilla.redhat.com/show_bug.cgi?id=2456314 https://www.cve.org/CVERecord?id=CVE-2026-28390 https://nvd.nist.gov/vuln/detail/CVE-2026-28390 https://github.com/openssl/openssl/commit/01194a8f1941115cd0383bfa91c736dd3993c8bc https://github.com/openssl/openssl/commit/2e39b7a6993be445fddb9fbce316fa756e0397b6 https://github.com/openssl/openssl/commit/af2a5fecd3e71a29e7568f9c1453dec5cebbaff4 https://github.com/openssl/openssl/commit/ea7b4ea4f9f853521ba34830cbcadc970d2e0788 https://github.com/openssl/openssl/commit/fd2f1a6cf53b9ceeca723a001aa4b825d7c7ee75 https://openssl-library.org/news/secadv/20260407.txt https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-28390.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "rCI1GSL47zJlliQotxXM4Q==": { "id": "rCI1GSL47zJlliQotxXM4Q==", "updater": "rhel-vex", "name": "CVE-2026-2673", "description": "A key group selection preference flaw has been discovered in OpenSSL. An OpenSSL TLS 1.3 server may fail to negotiate the expected preferred key exchange group when its key exchange group configuration includes the default by using the \"DEFAULT\" keyword. A less preferred key exchange may be used even when a more preferred group is supported by both client and server, if the group was not included among the client's initial predicated keyshares. This will sometimes be the case with the new hybrid post-quantum groups, if the client chooses to defer their use until specifically requested by the server. No OpenSSL FIPS modules are affected by this issue, the code in question lies outside the FIPS boundary.", "issued": "2026-03-13T13:23:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-2673 https://bugzilla.redhat.com/show_bug.cgi?id=2447327 https://www.cve.org/CVERecord?id=CVE-2026-2673 https://nvd.nist.gov/vuln/detail/CVE-2026-2673 https://github.com/openssl/openssl/commit/2157c9d81f7b0bd7dfa25b960e928ec28e8dd63f https://github.com/openssl/openssl/commit/85977e013f32ceb96aa034c0e741adddc1a05e34 https://openssl-library.org/news/secadv/20260313.txt https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-2673.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "rEd6JdG2xx5NZ9bcsFRNpw==": { "id": "rEd6JdG2xx5NZ9bcsFRNpw==", "updater": "rhel-vex", "name": "CVE-2026-28388", "description": "A flaw was found in OpenSSL. When processing a malformed delta Certificate Revocation List (CRL) that lacks a required CRL Number extension, a NULL pointer dereference can occur. This vulnerability can be exploited by a remote attacker who provides a specially crafted delta CRL to an application that has delta CRL processing enabled, leading to a Denial of Service (DoS) for the application.", "issued": "2026-04-07T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-28388 https://bugzilla.redhat.com/show_bug.cgi?id=2451097 https://www.cve.org/CVERecord?id=CVE-2026-28388 https://nvd.nist.gov/vuln/detail/CVE-2026-28388 https://openssl-library.org/news/secadv/20260407.txt https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-28388.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "rEg00U8+//igCt+0+QBUhA==": { "id": "rEg00U8+//igCt+0+QBUhA==", "updater": "rhel-vex", "name": "CVE-2023-50495", "description": "A vulnerability was found in the NCurses package, where a segmentation fault may be triggered through _nc_wrap_entry().", "issued": "2023-12-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-50495 https://bugzilla.redhat.com/show_bug.cgi?id=2254244 https://www.cve.org/CVERecord?id=CVE-2023-50495 https://nvd.nist.gov/vuln/detail/CVE-2023-50495 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-50495.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "ncurses", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "rVgBV65FWtFg3jitEqotFA==": { "id": "rVgBV65FWtFg3jitEqotFA==", "updater": "rhel-vex", "name": "CVE-2024-0727", "description": "A flaw was found in OpenSSL. The optional ContentInfo fields can be set to null, even if the \"type\" is a valid value, which can lead to a null dereference error that may cause a denial of service.", "issued": "2024-01-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-0727 https://bugzilla.redhat.com/show_bug.cgi?id=2259944 https://www.cve.org/CVERecord?id=CVE-2024-0727 https://nvd.nist.gov/vuln/detail/CVE-2024-0727 https://github.com/openssl/openssl/pull/23362 https://www.openssl.org/news/secadv/20240125.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-0727.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "raKuHZN4AggeEUt0ItIq1Q==": { "id": "raKuHZN4AggeEUt0ItIq1Q==", "updater": "rhel-vex", "name": "CVE-2026-40356", "description": "A flaw was found in MIT Kerberos 5 (krb5). An unauthenticated remote attacker can exploit an integer underflow and an out-of-bounds read vulnerability by calling `gss_accept_sec_context()` on a system with a NegoEx mechanism registered. This can lead to the process terminating, resulting in a Denial of Service (DoS).", "issued": "2026-04-28T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-40356 https://bugzilla.redhat.com/show_bug.cgi?id=2463368 https://www.cve.org/CVERecord?id=CVE-2026-40356 https://nvd.nist.gov/vuln/detail/CVE-2026-40356 https://cems.fun/2026/04/27/krb5-two-unauthenticated-network-vulnerabilities.html https://github.com/krb5/krb5/commit/2e75f0d9362fb979f5fc92829431a590a130929f https://web.mit.edu/kerberos/advisories/ https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-40356.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "krb5", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "rfyVleP0iFAaKAccoWyLNQ==": { "id": "rfyVleP0iFAaKAccoWyLNQ==", "updater": "rhel-vex", "name": "CVE-2026-3805", "description": "A flaw was found in curl. When handling a second Server Message Block (SMB) request to the same host, curl incorrectly accesses memory that has already been freed. This memory corruption vulnerability, known as a use-after-free, could allow a remote attacker to potentially execute arbitrary code or cause a denial of service.", "issued": "2026-03-11T10:09:37Z", "links": "https://access.redhat.com/security/cve/CVE-2026-3805 https://bugzilla.redhat.com/show_bug.cgi?id=2446451 https://www.cve.org/CVERecord?id=CVE-2026-3805 https://nvd.nist.gov/vuln/detail/CVE-2026-3805 http://www.openwall.com/lists/oss-security/2026/03/11/4 https://curl.se/docs/CVE-2026-3805.html https://curl.se/docs/CVE-2026-3805.json https://hackerone.com/reports/3591944 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-3805.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "curl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "ruDQdx7OmIsgMCpioWbqOQ==": { "id": "ruDQdx7OmIsgMCpioWbqOQ==", "updater": "rhel-vex", "name": "CVE-2025-5351", "description": "A flaw was found in the key export functionality of libssh. The issue occurs in the internal function responsible for converting cryptographic keys into serialized formats. During error handling, a memory structure is freed but not cleared, leading to a potential double free issue if an additional failure occurs later in the function. This condition may result in heap corruption or application instability in low-memory scenarios, posing a risk to system reliability where key export operations are performed.", "issued": "2025-06-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-5351 https://bugzilla.redhat.com/show_bug.cgi?id=2369367 https://www.cve.org/CVERecord?id=CVE-2025-5351 https://nvd.nist.gov/vuln/detail/CVE-2025-5351 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-5351.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libssh", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "s1kzjy+cDztHEcgHrl7kHQ==": { "id": "s1kzjy+cDztHEcgHrl7kHQ==", "updater": "rhel-vex", "name": "CVE-2026-22801", "description": "A flaw was found in libpng, a reference library for PNG (Portable Network Graphics) raster image files. An integer truncation vulnerability exists in the png_write_image_16bit and png_write_image_8bit simplified write API functions. A local attacker could exploit this flaw by providing a negative row stride (for bottom-up image layouts) or a stride exceeding 65535 bytes, leading to a heap buffer over-read. This can result in information disclosure or a denial of service (DoS) to the system.", "issued": "2026-01-12T22:57:58Z", "links": "https://access.redhat.com/security/cve/CVE-2026-22801 https://bugzilla.redhat.com/show_bug.cgi?id=2428824 https://www.cve.org/CVERecord?id=CVE-2026-22801 https://nvd.nist.gov/vuln/detail/CVE-2026-22801 https://github.com/pnggroup/libpng/security/advisories/GHSA-vgjq-8cw5-ggw8 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-22801.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "java-17-openjdk", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "sExC9WXn4M01POjg0haQrA==": { "id": "sExC9WXn4M01POjg0haQrA==", "updater": "rhel-vex", "name": "CVE-2026-34933", "description": "A flaw was found in Avahi. An unprivileged local user can exploit this vulnerability by sending a D-Bus method call with conflicting publish flags. This can lead to a denial of service (DoS) by crashing the avahi-daemon, making the service unavailable.", "issued": "2026-04-03T22:43:26Z", "links": "https://access.redhat.com/security/cve/CVE-2026-34933 https://bugzilla.redhat.com/show_bug.cgi?id=2454978 https://www.cve.org/CVERecord?id=CVE-2026-34933 https://nvd.nist.gov/vuln/detail/CVE-2026-34933 https://github.com/avahi/avahi/commit/625ca0fac19229f6dfa3a6c6b698ae657187e50c https://github.com/avahi/avahi/pull/891 https://github.com/avahi/avahi/security/advisories/GHSA-w65r-6gxh-vhvc https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-34933.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "avahi", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "sGwL9v57mGx7f18qBkIacA==": { "id": "sGwL9v57mGx7f18qBkIacA==", "updater": "rhel-vex", "name": "CVE-2025-6075", "description": "A vulnerability in Python’s os.path.expandvars() function that can cause performance degradation. When processing specially crafted, user-controlled input with nested environment variable patterns, the function exhibits quadratic time complexity, potentially leading to excessive CPU usage and denial of service (DoS) conditions. No code execution or data exposure occurs, so the impact is limited to performance slowdown.", "issued": "2025-10-31T16:41:34Z", "links": "https://access.redhat.com/security/cve/CVE-2025-6075 https://bugzilla.redhat.com/show_bug.cgi?id=2408891 https://www.cve.org/CVERecord?id=CVE-2025-6075 https://nvd.nist.gov/vuln/detail/CVE-2025-6075 https://github.com/python/cpython/issues/136065 https://mail.python.org/archives/list/security-announce@python.org/thread/IUP5QJ6D4KK6ULHOMPC7DPNKRYQTQNLA/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-6075.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "python3", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "sRVcQFAdq4Ll42smqacaCw==": { "id": "sRVcQFAdq4Ll42smqacaCw==", "updater": "rhel-vex", "name": "CVE-2022-27943", "description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in libiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "issued": "2022-03-26T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-27943 https://bugzilla.redhat.com/show_bug.cgi?id=2071728 https://www.cve.org/CVERecord?id=CVE-2022-27943 https://nvd.nist.gov/vuln/detail/CVE-2022-27943 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-27943.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "gcc", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "sThg2GGoKqa1RTJ5skEJTA==": { "id": "sThg2GGoKqa1RTJ5skEJTA==", "updater": "rhel-vex", "name": "CVE-2026-24883", "description": "A flaw was found in GnuPG. A remote attacker could provide a specially crafted long signature packet that, when processed, causes the application to crash. This vulnerability leads to a denial of service (DoS), making the GnuPG application unavailable to legitimate users.", "issued": "2026-01-27T18:43:18Z", "links": "https://access.redhat.com/security/cve/CVE-2026-24883 https://bugzilla.redhat.com/show_bug.cgi?id=2433463 https://www.cve.org/CVERecord?id=CVE-2026-24883 https://nvd.nist.gov/vuln/detail/CVE-2026-24883 https://dev.gnupg.org/T8049 https://www.openwall.com/lists/oss-security/2026/01/27/8 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-24883.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "gnupg2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "t3XJyztcU9aOXTMLI8NRmA==": { "id": "t3XJyztcU9aOXTMLI8NRmA==", "updater": "rhel-vex", "name": "CVE-2026-29111", "description": "A flaw was found in systemd, a system and service manager. An unprivileged user can exploit this vulnerability by making an Inter-Process Communication (IPC) API call with spurious data. In older versions (v249 and earlier), this can lead to stack overwriting with attacker-controlled content, potentially enabling arbitrary code execution or privilege escalation. In newer versions (v250 and later), the flaw causes systemd to assert and freeze, resulting in a Denial of Service (DoS).", "issued": "2026-03-23T21:03:56Z", "links": "https://access.redhat.com/security/cve/CVE-2026-29111 https://bugzilla.redhat.com/show_bug.cgi?id=2450505 https://www.cve.org/CVERecord?id=CVE-2026-29111 https://nvd.nist.gov/vuln/detail/CVE-2026-29111 https://github.com/systemd/systemd/commit/1d22f706bd04f45f8422e17fbde3f56ece17758a https://github.com/systemd/systemd/commit/20021e7686426052e3a7505425d7e12085feb2a6 https://github.com/systemd/systemd/commit/21167006574d6b83813c7596759b474f56562412 https://github.com/systemd/systemd/commit/3cee294fe8cf4fa0eff933ab21416d099942cabd https://github.com/systemd/systemd/commit/42aee39107fbdd7db1ccd402a2151822b2805e9f https://github.com/systemd/systemd/commit/54588d2dedff54bfb6036670820650e4ea74628f https://github.com/systemd/systemd/commit/7ac3220213690e8a8d6d2a6e81e43bd1dce01d69 https://github.com/systemd/systemd/commit/80acea4ef80a4bb78560ed970c34952299b890d6 https://github.com/systemd/systemd/commit/b5fd14693057e5f2c9b4a49603be64ec3608ff6c https://github.com/systemd/systemd/commit/efa6ba2ab625aaa160ac435a09e6482fc63bdbe8 https://github.com/systemd/systemd/security/advisories/GHSA-gx6q-6f99-m764 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-29111.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "systemd", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "t4oe6DBPNf5Ikk93RfTdig==": { "id": "t4oe6DBPNf5Ikk93RfTdig==", "updater": "rhel-vex", "name": "CVE-2019-12904", "description": "[Disputed] A vulnerability has been identified in Libgcrypt due to a flaw in its C implementation of AES. This vulnerability enables a remote attacker to perform a flush-and-reload side-channel attack, potentially accessing sensitive information. The vulnerability arises from the availability of physical addresses to other processes, particularly on platforms lacking an assembly-language implementation.", "issued": "2019-07-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2019-12904 https://bugzilla.redhat.com/show_bug.cgi?id=1730320 https://www.cve.org/CVERecord?id=CVE-2019-12904 https://nvd.nist.gov/vuln/detail/CVE-2019-12904 https://dev.gnupg.org/T4541 https://lists.gnupg.org/pipermail/gcrypt-devel/2019-July/004760.html https://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-12904.html https://security.access.redhat.com/data/csaf/v2/vex/2019/cve-2019-12904.json", "severity": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "libgcrypt", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "tYeLT/YUKIk7yaK07WvPeA==": { "id": "tYeLT/YUKIk7yaK07WvPeA==", "updater": "rhel-vex", "name": "CVE-2026-32776", "description": "A flaw was found in libexpat. A remote attacker could exploit this vulnerability by providing specially crafted XML content with empty external parameter entities. This could lead to a NULL pointer dereference, causing the application to crash and resulting in a Denial of Service (DoS).", "issued": "2026-03-16T06:54:20Z", "links": "https://access.redhat.com/security/cve/CVE-2026-32776 https://bugzilla.redhat.com/show_bug.cgi?id=2447888 https://www.cve.org/CVERecord?id=CVE-2026-32776 https://nvd.nist.gov/vuln/detail/CVE-2026-32776 https://github.com/libexpat/libexpat/pull/1158 https://github.com/libexpat/libexpat/pull/1159 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-32776.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "expat", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "teoauN/Djw6odXikmjP4Lw==": { "id": "teoauN/Djw6odXikmjP4Lw==", "updater": "rhel-vex", "name": "CVE-2025-68471", "description": "A flaw was found in Avahi, a system that enables devices to discover services on a local network using the mDNS/DNS-SD (Multicast Domain Name System/DNS-based Service Discovery) protocols. A remote attacker can exploit this by sending two specific network messages, known as unsolicited announcements with CNAME resource records, within a two-second timeframe. This action can cause the `avahi-daemon` process to crash, leading to a Denial of Service (DoS) for the affected system.", "issued": "2026-01-12T17:39:57Z", "links": "https://access.redhat.com/security/cve/CVE-2025-68471 https://bugzilla.redhat.com/show_bug.cgi?id=2428717 https://www.cve.org/CVERecord?id=CVE-2025-68471 https://nvd.nist.gov/vuln/detail/CVE-2025-68471 https://github.com/avahi/avahi/commit/9c6eb53bf2e290aed84b1f207e3ce35c54cc0aa1 https://github.com/avahi/avahi/issues/678 https://github.com/avahi/avahi/security/advisories/GHSA-56rf-42xr-qmmg https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-68471.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "avahi", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "tlWVK61iOpKPkvmeShS9AQ==": { "id": "tlWVK61iOpKPkvmeShS9AQ==", "updater": "rhel-vex", "name": "CVE-2025-69421", "description": "A flaw was found in OpenSSL. This vulnerability allows a remote attacker to trigger a Denial of Service (DoS) by providing a specially crafted, malformed PKCS#12 file to an application that processes it. The flaw occurs due to a NULL pointer dereference in the PKCS12_item_decrypt_d2i_ex() function when handling the malformed file, leading to an application crash.", "issued": "2026-01-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-69421 https://bugzilla.redhat.com/show_bug.cgi?id=2430387 https://www.cve.org/CVERecord?id=CVE-2025-69421 https://nvd.nist.gov/vuln/detail/CVE-2025-69421 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-69421.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "tnBbKyfWYMq7GMqd8UCfIw==": { "id": "tnBbKyfWYMq7GMqd8UCfIw==", "updater": "rhel-vex", "name": "CVE-2025-70873", "description": "A flaw was found in SQLite. This information disclosure vulnerability exists within the zipfile extension, specifically in the zipfileInflate function. A remote attacker could exploit this by providing a specially crafted ZIP file. Successful exploitation could lead to the disclosure of sensitive heap memory information.", "issued": "2026-03-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-70873 https://bugzilla.redhat.com/show_bug.cgi?id=2447086 https://www.cve.org/CVERecord?id=CVE-2025-70873 https://nvd.nist.gov/vuln/detail/CVE-2025-70873 https://gist.github.com/cnwangjihe/f496393f30f5ecec5b18c8f5ab072054 https://sqlite.org/forum/forumpost/761eac3c82 https://sqlite.org/src/info/3d459f1fb1bd1b5e https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-70873.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "sqlite", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "u7b5r2PfK9a1QyjBR1cFRw==": { "id": "u7b5r2PfK9a1QyjBR1cFRw==", "updater": "rhel-vex", "name": "CVE-2026-4046", "description": "A flaw was found in glibc, the GNU C Library. A remote attacker could exploit this vulnerability by providing specially crafted inputs using the IBM1390 or IBM1399 character sets to the `iconv()` function. This could lead to an assertion failure, causing the application to crash and resulting in a Denial of Service (DoS).", "issued": "2026-03-30T17:16:11Z", "links": "https://access.redhat.com/security/cve/CVE-2026-4046 https://bugzilla.redhat.com/show_bug.cgi?id=2453117 https://www.cve.org/CVERecord?id=CVE-2026-4046 https://nvd.nist.gov/vuln/detail/CVE-2026-4046 https://packages.fedoraproject.org/pkgs/glibc/glibc-gconv-extra/ https://sourceware.org/bugzilla/show_bug.cgi?id=33980 https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0007;hb=HEAD https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-4046.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "uEggs7thHCRp4eZu5EDH0A==": { "id": "uEggs7thHCRp4eZu5EDH0A==", "updater": "rhel-vex", "name": "CVE-2026-27171", "description": "A flaw was found in zlib. An attacker providing specially crafted input to the `crc32_combine64` or `crc32_combine_gen64` functions could trigger an infinite loop within the `x2nmodp` function. This leads to excessive CPU consumption, which can result in a Denial of Service (DoS) for the affected system.", "issued": "2026-02-18T02:36:19Z", "links": "https://access.redhat.com/security/cve/CVE-2026-27171 https://bugzilla.redhat.com/show_bug.cgi?id=2440530 https://www.cve.org/CVERecord?id=CVE-2026-27171 https://nvd.nist.gov/vuln/detail/CVE-2026-27171 https://7asecurity.com/blog/2026/02/zlib-7asecurity-audit/ https://7asecurity.com/reports/pentest-report-zlib-RC1.1.pdf https://github.com/madler/zlib/issues/904 https://github.com/madler/zlib/releases/tag/v1.3.2 https://ostif.org/zlib-audit-complete/ https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-27171.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "zlib", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "uxd8tIEkk+r2hWTEgvyv8w==": { "id": "uxd8tIEkk+r2hWTEgvyv8w==", "updater": "rhel-vex", "name": "CVE-2019-9936", "description": "In SQLite 3.27.2, running fts5 prefix queries inside a transaction could trigger a heap-based buffer over-read in fts5HashEntrySort in sqlite3.c, which may lead to an information leak. This is related to ext/fts5/fts5_hash.c.", "issued": "2019-03-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2019-9936 https://bugzilla.redhat.com/show_bug.cgi?id=1692365 https://www.cve.org/CVERecord?id=CVE-2019-9936 https://nvd.nist.gov/vuln/detail/CVE-2019-9936 https://security.access.redhat.com/data/csaf/v2/vex/2019/cve-2019-9936.json", "severity": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "sqlite", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "v1exQXePimNPt3tveLBP9g==": { "id": "v1exQXePimNPt3tveLBP9g==", "updater": "rhel-vex", "name": "CVE-2026-1965", "description": "A flaw was found in curl. When an application uses libcurl to make multiple Negotiate-authenticated HTTP or HTTPS requests to the same server with different credentials, libcurl may incorrectly reuse an existing connection. This logical error can cause a subsequent request to be sent using the authentication of a previous user, leading to an authentication bypass.", "issued": "2026-03-11T10:08:52Z", "links": "https://access.redhat.com/security/cve/CVE-2026-1965 https://bugzilla.redhat.com/show_bug.cgi?id=2446448 https://www.cve.org/CVERecord?id=CVE-2026-1965 https://nvd.nist.gov/vuln/detail/CVE-2026-1965 https://curl.se/docs/CVE-2026-1965.html https://curl.se/docs/CVE-2026-1965.json https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-1965.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "curl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "vTJZ/R8pdcyDbwAwRi8cBw==": { "id": "vTJZ/R8pdcyDbwAwRi8cBw==", "updater": "rhel-vex", "name": "CVE-2025-15079", "description": "A flaw was found in curl. When performing SSH-based transfers using SCP or SFTP, libcurl could mistakenly connect to hosts not listed in the user-specified knownhosts file. This occurs if the host is present in the libssh global knownhosts file, effectively bypassing the intended host verification. This could allow a remote attacker to connect to an untrusted host, potentially leading to information disclosure or man-in-the-middle attacks.", "issued": "2026-01-07T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-15079 https://bugzilla.redhat.com/show_bug.cgi?id=2426409 https://www.cve.org/CVERecord?id=CVE-2025-15079 https://nvd.nist.gov/vuln/detail/CVE-2025-15079 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-15079.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "curl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "vx2N2RZTm7neux8kVlqgEg==": { "id": "vx2N2RZTm7neux8kVlqgEg==", "updater": "rhel-vex", "name": "CVE-2026-5704", "description": "A flaw was found in tar. A remote attacker could exploit this vulnerability by crafting a malicious archive, leading to hidden file injection with fully attacker-controlled content. This bypasses pre-extraction inspection mechanisms, potentially allowing an attacker to introduce malicious files onto a system without detection.", "issued": "2026-04-06T13:36:20Z", "links": "https://access.redhat.com/security/cve/CVE-2026-5704 https://bugzilla.redhat.com/show_bug.cgi?id=2455360 https://www.cve.org/CVERecord?id=CVE-2026-5704 https://nvd.nist.gov/vuln/detail/CVE-2026-5704 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-5704.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "tar", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "wbBiCPikq6Iz02EPsysTgA==": { "id": "wbBiCPikq6Iz02EPsysTgA==", "updater": "rhel-vex", "name": "CVE-2025-14017", "description": "A flaw was found in curl. When performing multi-threaded LDAPS (Lightweight Directory Access Protocol Secure) transfers, changes to Transport Layer Security (TLS) options in one thread could inadvertently apply globally, affecting other concurrent transfers. This could lead to unintended security posture changes, such as disabling certificate verification for other threads. This vulnerability can result in a security bypass, where expected security checks are not performed.", "issued": "2026-01-08T10:07:05Z", "links": "https://access.redhat.com/security/cve/CVE-2025-14017 https://bugzilla.redhat.com/show_bug.cgi?id=2427870 https://www.cve.org/CVERecord?id=CVE-2025-14017 https://nvd.nist.gov/vuln/detail/CVE-2025-14017 https://curl.se/docs/CVE-2025-14017.html https://curl.se/docs/CVE-2025-14017.json https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-14017.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "curl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "wxS+u/uf8o4sT9iSccXQwA==": { "id": "wxS+u/uf8o4sT9iSccXQwA==", "updater": "rhel-vex", "name": "CVE-2026-4426", "description": "A flaw was found in libarchive. An Undefined Behavior vulnerability exists in the zisofs decompression logic, caused by improper validation of a field (`pz_log2_bs`) read from ISO9660 Rock Ridge extensions. A remote attacker can exploit this by supplying a specially crafted ISO file. This can lead to incorrect memory allocation and potential application crashes, resulting in a denial-of-service (DoS) condition.", "issued": "2026-03-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-4426 https://bugzilla.redhat.com/show_bug.cgi?id=2449010 https://www.cve.org/CVERecord?id=CVE-2026-4426 https://nvd.nist.gov/vuln/detail/CVE-2026-4426 https://github.com/libarchive/libarchive/pull/2897 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-4426.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libarchive", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "xCUiEQAH1lfhrKtUxQDIYA==": { "id": "xCUiEQAH1lfhrKtUxQDIYA==", "updater": "rhel-vex", "name": "CVE-2021-39537", "description": "A heap overflow vulnerability has been identified in the ncurses package, particularly in the \"tic\". This flaw results from a lack of proper bounds checking during input processing. By exploiting this boundary error, an attacker can create a malicious file, deceive the victim into opening it using the affected software, and initiate an out-of-bounds write, potentially impacting system availability.", "issued": "2020-08-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-39537 https://bugzilla.redhat.com/show_bug.cgi?id=2006978 https://www.cve.org/CVERecord?id=CVE-2021-39537 https://nvd.nist.gov/vuln/detail/CVE-2021-39537 https://lists.gnu.org/archive/html/bug-ncurses/2020-08/msg00006.html https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-39537.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "ncurses", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "xKLQGv5zNwcnWtQQKiO3Ww==": { "id": "xKLQGv5zNwcnWtQQKiO3Ww==", "updater": "rhel-vex", "name": "CVE-2026-25645", "description": "A flaw was found in the `requests` HTTP library, specifically in the `requests.utils.extract_zipped_paths()` function, which is used to load Certificate Authority (CA) bundles. A local attacker can exploit this vulnerability by pre-creating a malicious CA bundle file in the system's temporary directory. When a vulnerable application initializes the `requests` library, it may load this malicious file instead of the legitimate CA bundle, leading to a bypass of security controls and potential integrity compromise.", "issued": "2026-03-25T17:02:48Z", "links": "https://access.redhat.com/security/cve/CVE-2026-25645 https://bugzilla.redhat.com/show_bug.cgi?id=2451408 https://www.cve.org/CVERecord?id=CVE-2026-25645 https://nvd.nist.gov/vuln/detail/CVE-2026-25645 https://github.com/psf/requests/commit/66d21cb07bd6255b1280291c4fafb71803cdb3b7 https://github.com/psf/requests/releases/tag/v2.33.0 https://github.com/psf/requests/security/advisories/GHSA-gc5v-m9x4-r6x2 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-25645.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python-pip", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "xLIujTim86EomaRofe4tDg==": { "id": "xLIujTim86EomaRofe4tDg==", "updater": "rhel-vex", "name": "CVE-2023-32611", "description": "A flaw was found in GLib. GVariant deserialization is vulnerable to a slowdown issue where a crafted GVariant can cause excessive processing, leading to denial of service.", "issued": "2022-12-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-32611 https://bugzilla.redhat.com/show_bug.cgi?id=2211829 https://www.cve.org/CVERecord?id=CVE-2023-32611 https://nvd.nist.gov/vuln/detail/CVE-2023-32611 https://gitlab.gnome.org/GNOME/glib/-/issues/2797 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-32611.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "glib2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "xjRJnKlNaH/FGi0NN5VKBQ==": { "id": "xjRJnKlNaH/FGi0NN5VKBQ==", "updater": "rhel-vex", "name": "CVE-2026-0992", "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated \u003cnextCatalog\u003e elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", "issued": "2026-01-15T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-0992 https://bugzilla.redhat.com/show_bug.cgi?id=2429975 https://www.cve.org/CVERecord?id=CVE-2026-0992 https://nvd.nist.gov/vuln/detail/CVE-2026-0992 https://gitlab.gnome.org/GNOME/libxml2/-/issues/1019 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-0992.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libxml2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "yrec5aYK5L1Cn+46ZF7wbw==": { "id": "yrec5aYK5L1Cn+46ZF7wbw==", "updater": "rhel-vex", "name": "CVE-2026-6253", "description": "A flaw was found in curl. When curl is configured to use distinct proxies for different URL schemes, a redirect from a URL using an authenticated proxy to one using an unauthenticated proxy can inadvertently expose the initial proxy's credentials. This improper credential management (CWE-522) may allow an attacker to gain unauthorized access or information by intercepting these disclosed credentials.", "issued": "2026-04-29T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2026-6253 https://bugzilla.redhat.com/show_bug.cgi?id=2461202 https://www.cve.org/CVERecord?id=CVE-2026-6253 https://nvd.nist.gov/vuln/detail/CVE-2026-6253 https://curl.se/docs/CVE-2026-6253.html https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-6253.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "curl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "yuFlxOGqQlDuMCywIIELNw==": { "id": "yuFlxOGqQlDuMCywIIELNw==", "updater": "rhel-vex", "name": "CVE-2025-30258", "description": "A flaw was found in GnuPG. In affected versions, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, leading to a verification denial of service.", "issued": "2025-03-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-30258 https://bugzilla.redhat.com/show_bug.cgi?id=2353427 https://www.cve.org/CVERecord?id=CVE-2025-30258 https://nvd.nist.gov/vuln/detail/CVE-2025-30258 https://dev.gnupg.org/T7527 https://dev.gnupg.org/rG48978ccb4e20866472ef18436a32744350a65158 https://lists.gnupg.org/pipermail/gnupg-announce/2025q1/000491.html https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-30258.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "gnupg2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "zIdEM/kGXg+rxyZW+kVVlw==": { "id": "zIdEM/kGXg+rxyZW+kVVlw==", "updater": "rhel-vex", "name": "CVE-2026-3833", "description": "A flaw was found in gnutls. This vulnerability occurs because gnutls performs case-sensitive comparisons of `nameConstraints` labels, specifically for `dNSName` (DNS) or `rfc822Name` (email) constraints within `excludedSubtrees` or `permittedSubtrees`. A remote attacker can exploit this by crafting a leaf certificate with casing differences in the Subject Alternative Name (SAN), leading to a policy bypass where a certificate that should be rejected is instead accepted. This could result in unauthorized access or information disclosure.", "issued": "2026-04-30T17:26:28Z", "links": "https://access.redhat.com/security/cve/CVE-2026-3833 https://bugzilla.redhat.com/show_bug.cgi?id=2445763 https://www.cve.org/CVERecord?id=CVE-2026-3833 https://nvd.nist.gov/vuln/detail/CVE-2026-3833 https://gitlab.com/gnutls/gnutls/-/issues/1803 https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-3833.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "gnutls", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" } }, "package_vulnerabilities": { "+hvIC0Et/RtHi7EAFCmfEw==": [ "MRnBR1NwPejsF0F/Po53Ew==", "O6eQrDqYe8zCvECWFMIzFQ==" ], "+qrxjVH7Im8eBfrz4h4P/w==": [ "Zp9+pixFuNBueE2yO610gQ==" ], "4ZgMXaHDWnwPnqKlcJzEIw==": [ "Elb2DrZLO9/IaIc7rSPVUg==", "raKuHZN4AggeEUt0ItIq1Q==" ], "4flTdmUV4iK1Ax+LXJm8qQ==": [ "QwBnC+2unbl7BaURui6Tng==", "OGfYu06hscS+jx5HR8e1UQ==", "n+SYCf6UN4VyD5OPJagpTA==", "zIdEM/kGXg+rxyZW+kVVlw==", "fvGjL9hw9hDQockMTb7lrA==" ], "4mBaAtvqw4Xnt3KyHa6xnQ==": [ "Te9j1HGn7feNCE/Fduu0+A==", "VPoF+qCqaQ4y2sVl2255/g==", "cW+DgNrGAeRAwNB4wrDZhw==", "VP8+3bQwNwMNm6AhYTNJBQ==", "s1kzjy+cDztHEcgHrl7kHQ==", "6p6EeZQEuYkK2CtO4ey3Ag==", "m8ueKfgkaYIYTU+xtIQcwA==", "I31WPu2ZGWOsqloSJfE2Fg==", "ZdcpNqfrXAb14fwUEQLWGQ==", "29qrZyz+fmdn9Nzjpl2/Pg==", "8TgjbHNGzIFm7/fF9DBU7Q==", "YoCxZvEp16Bt9LDv+Ficeg==", "FkRDB0vpJYeh2ipqLS0/Iw==", "OTZM0RD60ajdSeEqWGkkTw==", "B5eXEM8SeidgdpzXoFJFGQ==", "1vG4ZYIu07BTj9XJ+a+P9Q==" ], "7eg89eCgA75bJ7WhhN/T4Q==": [ "hkP7fdNBNcMv5alTtw0c+Q==", "eqoqeJN8gMUINJLH2PXP7g==" ], "9uhqFNTCJ7/bpzSlc7qCaQ==": [ "t4oe6DBPNf5Ikk93RfTdig==", "fXpWtuXNPi3tb2edhk37bw==", "Zp5q2R9PHTn/pmrn158k9A==", "5e3gC+KDeb36jTLxBYtijg==" ], "ACY3djwkey7ZIXbd0V+Giw==": [ "L7QbkTbsy8v3tMfOqNsVKQ==", "+nHq7dak7Hkjcru/xpwzhQ==" ], "AIs6pmCup5N9+6Ag6e2/og==": [ "PcNbuWOo0ahqjfbOQhXvvQ==", "LWLSX4FCLbzYWK97i5Or+A==", "rVgBV65FWtFg3jitEqotFA==", "BV++s35Ur4bQRS6HK0QCIA==", "tlWVK61iOpKPkvmeShS9AQ==", "gagftKXuSuh9pi4dRu9yPQ==", "qv1CBAIhzNsoWe8hSWlF1g==", "86unVXyTxdffdcXWZTYw5g==", "VLzwKVDYC7fQrtcpCzjXjA==", "rEd6JdG2xx5NZ9bcsFRNpw==", "8D3i4K1ylUr5dGk9imV9zA==", "ZkEez7f24VNVhTaTCDhuEg==", "rCI1GSL47zJlliQotxXM4Q==", "QUtTYJuHdkAOgtveagWUfA==", "Fp999hDC/lucBsNHwOlp/A==", "OpUahpCA4oBceG962KxTMA==", "QcOTYeOedG0AUhPSakMpIA==", "97PwDrD8knMveLXwKCvQjA==", "OLKvdPVgT9/lPcflJTxE3Q==", "WcChSpNAL6V9Xfxc9AqW7g==", "6FQUI3OxX4C5skWXKgq80Q==", "UPzTyNn8ZLXlb+bwRFPPTA==" ], "AuC6XQzcU/5tB4luIfjLFg==": [ "HTk+AAyRWNCrZTtBLx34Aw==" ], "AziZ1oGI+oDXVPzldKNj+w==": [ "3O4IzHXnRQMZXCe1gYATvw==" ], "BPsD0kkdIoK3KQUZ5DpJjw==": [ "ZvX4VR3jvMBd1Wq+RxNTgg==" ], "CP6fmHsRon29d9dGmAC8yQ==": [ "L7QbkTbsy8v3tMfOqNsVKQ==", "+nHq7dak7Hkjcru/xpwzhQ==" ], "DV119Dw0W4RdsbJkdoHU9w==": [ "fayrPya6DVXP9weWvA6obQ==", "8KJb4x3mXgChaQULEsid2A==", "dYucp/SettSQd/Hpukj6pA==", "0v/g0Z/XEXV13r48i52JgA==", "pjb5LKdJAfqIzj4N6YBwUQ==", "v1exQXePimNPt3tveLBP9g==", "crmilTSJ/pTSPBKY9EJmZg==", "wbBiCPikq6Iz02EPsysTgA==", "4JszZEguo/SAFbgp6PdKMQ==", "ho4M6//kfDyE5kZ9fbpV0g==", "Pe4IHqZpuBtuSkrgd2HMEg==", "Znm2hdK/FULQhTTGTVX59Q==", "fT6cIVRM+743nfHJKo4yuQ==", "yrec5aYK5L1Cn+46ZF7wbw==", "2U6d1qsPVwS8vUnflv9AcQ==", "qXNASosSuCsudML1MqXPjw==", "TuBnhFrkwMqIcYtYYgNGNQ==", "vTJZ/R8pdcyDbwAwRi8cBw==", "rfyVleP0iFAaKAccoWyLNQ==" ], "DgyhtZBcSIlVmY6xC8s1mA==": [ "j1KIfSLRyAo+5FqbDzJbtg==" ], "Dmgfuk4/ZGW2Pjrf3pzOwg==": [ "L7QbkTbsy8v3tMfOqNsVKQ==", "+nHq7dak7Hkjcru/xpwzhQ==" ], "FS5/DAbDsXWURU9onlACPA==": [ "Q5xJp4zJ1MCYcYbDi9qrdQ==" ], "J34PJ2GThOWZuKVgFIoieA==": [ "uEggs7thHCRp4eZu5EDH0A==" ], "KYSXsdsObSOPb3/iOOdbDw==": [ "L7QbkTbsy8v3tMfOqNsVKQ==", "+nHq7dak7Hkjcru/xpwzhQ==" ], "LXiVkIlXLq/usMYIwCTH8Q==": [ "WGvgNwrW2u5APZcidQ6v1Q==" ], "LkoLKEri5dIAb0vFMkSOag==": [ "cqYWiTibDLM7aibErMKang==", "J5qRb3W5uqqCGngAp6UZrg==", "Cz+nwSXEXv91W0XvZNqCqw==", "u7b5r2PfK9a1QyjBR1cFRw==", "qS+8YNw5cEHn5bXG24Qmgg==", "6Cqvzp5JbuVfHsuYnIJNFw==" ], "MA5xnJmwv4AJZhc2768UiA==": [ "G7IyfoPhe9f8QzIGbOfn7Q==", "92KuvWwbPhsQNPu0knrHAQ==", "HdAyLUATPStr/HXiy9fgQw==", "TLOrmSYL76Du+GI4WD9gMQ==", "619DQiII/+IW12e6tmtrxw==", "RXjd5U95osIGXnqCa34Jkg==", "7Puka2o1jq4jSr2Hekrfhg==", "xjRJnKlNaH/FGi0NN5VKBQ==", "EiJx6rOT8KoLX+Wu7/N6HQ==" ], "N1RbIRo2SyHosQefv+skDw==": [ "UbmdE2pHXRFccv8l1e02Jw==" ], "N3ZaMrNJKoumMpaY0smlMQ==": [ "9zRC9UwUH2bQs1UcHQ5UTQ==", "8ZxbhBIT+9Mj99/XbMpLSQ==", "uxd8tIEkk+r2hWTEgvyv8w==", "tnBbKyfWYMq7GMqd8UCfIw==", "5B1tQ2BK8z/YjRkYcvwqag==" ], "NguWV8S6YQYvQsGQDJm2Rg==": [ "SHxE0qXbBmDEp/LL1ieJeA==", "HuOxI+pWjgGV0XsBvltzlg==", "VsocCwaFpF6PzdX5PxR+sQ==", "jw1ZiDut5Ot+DyVFjCrixg==", "S7qx7a03HASsJhyQafvXjg==", "rEg00U8+//igCt+0+QBUhA==", "xCUiEQAH1lfhrKtUxQDIYA==", "ZTGiJlkqcqrCLJSY/Sq8lA==", "673FKazcUiydbfN5c6amaw==" ], "ORsDK2A5479NPB0r01PoXQ==": [ "fayrPya6DVXP9weWvA6obQ==", "8KJb4x3mXgChaQULEsid2A==", "dYucp/SettSQd/Hpukj6pA==", "0v/g0Z/XEXV13r48i52JgA==", "pjb5LKdJAfqIzj4N6YBwUQ==", "v1exQXePimNPt3tveLBP9g==", "crmilTSJ/pTSPBKY9EJmZg==", "wbBiCPikq6Iz02EPsysTgA==", "4JszZEguo/SAFbgp6PdKMQ==", "ho4M6//kfDyE5kZ9fbpV0g==", "Pe4IHqZpuBtuSkrgd2HMEg==", "Znm2hdK/FULQhTTGTVX59Q==", "fT6cIVRM+743nfHJKo4yuQ==", "yrec5aYK5L1Cn+46ZF7wbw==", "2U6d1qsPVwS8vUnflv9AcQ==", "qXNASosSuCsudML1MqXPjw==", "TuBnhFrkwMqIcYtYYgNGNQ==", "vTJZ/R8pdcyDbwAwRi8cBw==", "rfyVleP0iFAaKAccoWyLNQ==" ], "P5UTXxqhA6R98OWY7h85rQ==": [ "DDWmqlxBSfXi2KJJ5mwTNg==", "OPNDKUsVLJt2v1gO1zvkBA==", "XygysGe2kdlyCRQHM1fu3w==", "klCkJxhhNVG564GOUQMh+Q==", "EQ4eP3gKo3y8JsWUiWr6+g==", "wxS+u/uf8o4sT9iSccXQwA==", "4/mftydHpy90Umw3G0mTuQ==", "8Sec+JvKiQWGqYCOBdZhjg==", "YiJlkUTKf0/7+ORZMmQ2cw==", "HNpGGr9eP5twQKC3yCh1mA==", "O8fIVXqcGshIonMWsEH9gA==", "AE8Cp1u8I9t52OYW7oGU4w==" ], "PYGQE1Mr52aqIP4tEB4VSw==": [ "L7QbkTbsy8v3tMfOqNsVKQ==", "+nHq7dak7Hkjcru/xpwzhQ==" ], "Q0uPb/t/3IQ8GEwlv/J3Cw==": [ "WGvgNwrW2u5APZcidQ6v1Q==" ], "QC6e3OaV78mjs678tGU2KQ==": [ "H9Ud41wofJc/QlL6Rm7WkA==", "avzu5SRbIjcduH4QdmZ1gg==", "ruDQdx7OmIsgMCpioWbqOQ==", "XbpXfbeApuDuIKvY0/qWiA==", "UUIKm7f4jyfDWGKvptUQ8Q==", "Rfm1tD+QxSP/TVjKFDNabg==", "npQpPXYG8xMJ1LRSVSnKGA==", "Wp4+QBQm4nhI8rQxVklEXw==", "KCgCqCavM9U0xL+GHJqzSg==", "OgFGrvrnAoXXvapnatTrxQ==" ], "U3ZkYu9FoEzQITrVBlQtLA==": [ "cqYWiTibDLM7aibErMKang==", "J5qRb3W5uqqCGngAp6UZrg==", "Cz+nwSXEXv91W0XvZNqCqw==", "u7b5r2PfK9a1QyjBR1cFRw==", "qS+8YNw5cEHn5bXG24Qmgg==", "6Cqvzp5JbuVfHsuYnIJNFw==" ], "UUZyda9G/ffvF6rJ5W1UnQ==": [ "mouoWVvs12H8FynnB5qIsQ==", "sRVcQFAdq4Ll42smqacaCw==", "ieASPdYzGxWke8nZZhE02Q==" ], "Vax934M9zGbzjdT3Y/XU9w==": [ "cqYWiTibDLM7aibErMKang==", "J5qRb3W5uqqCGngAp6UZrg==", "Cz+nwSXEXv91W0XvZNqCqw==", "u7b5r2PfK9a1QyjBR1cFRw==", "qS+8YNw5cEHn5bXG24Qmgg==", "6Cqvzp5JbuVfHsuYnIJNFw==" ], "YjDcGmvP0/z8VqRiUvkhOQ==": [ "W/d4trZ7jb2yxjrq4cNOWA==", "0nQ3GJDLY22M176Z5ESg6A==", "sThg2GGoKqa1RTJ5skEJTA==", "yuFlxOGqQlDuMCywIIELNw==" ], "auI8KtI6OozP7EAIr9UlQQ==": [ "icj6a8bc4dYK/DJNvkU0+A==" ], "bWUdPEYmtshwdmuX5VapfQ==": [ "WGvgNwrW2u5APZcidQ6v1Q==" ], "f/Al/eNlUhjEgKSV0J2z7w==": [ "gaFOKxy9D9KR/Iyd+kDZoA==", "QSNBg/XspHcBwSxBTMU4rg==", "xKLQGv5zNwcnWtQQKiO3Ww==", "8I2jFG8JRR+6+eqqYlXhAg==", "HuLJLN6ajygY/CpLyzV5lw==" ], "h53SWWmMQUh4cLyBmYeNvw==": [ "teoauN/Djw6odXikmjP4Lw==", "A1UDSDMkPKOSx7ma/geQyg==", "Rw8DyDlyRHRJOeZaAbGMRA==", "kYYDrncBncmKkmFnSd5t3w==", "7lnphmrb/VojuhlikpNO5w==", "9jHXNtwzqlOir/Op7pd9+w==", "Bgew407C4GMDdNe8dNeN7w==", "sExC9WXn4M01POjg0haQrA==", "MW3KGjkk7BWuR5JCc6cywg==" ], "hSTTMcRX1DBcXc+8jKeg3Q==": [ "mouoWVvs12H8FynnB5qIsQ==", "sRVcQFAdq4Ll42smqacaCw==", "ieASPdYzGxWke8nZZhE02Q==" ], "iKjky3d+XDnwdlXfvLvp/A==": [ "ZlxfTVb/4bi6yWQ+JLaOnw==", "0QzoXQSqkKieJ7Oc+px0JA==", "HB9r/GLycEmk6aXttwtBlw==", "h6rS2s3xilGaG0a+pIjl8A==", "L3k0cIIlkMGQFiWnZm8Mlg==", "sGwL9v57mGx7f18qBkIacA==", "cCowLuOsLfTMmPFOoqUVww==", "nYtstWEUOCTbjAlmYOKURA==", "8qOJVWAut1+UqTXPOWH12g==", "OFdQC3/0S5rItoyqpACTFw==", "2U8ppg+02PjFDuM5YqFstQ==", "6Xr5PbPGSy+aHLDQ9q4L9w==", "5ZHvcDYhgzWjwNpRgF2u1w==", "nhJPQpDYg9We/U8oBJw4JQ==", "mRazAXjBcgFrTolNDZHDsA==", "8rvqTFlh9aOz4UvxQN0SBQ==", "RVCidRUm4D1IKoPhoUi2AA==", "IItHEdPWz5fl9O7ZhzjDAA==", "XXiaw1EwhFkuilI94EKiqQ==", "HKrLnQyTw1292mNt3MQ0aQ==" ], "isPl2YxnCTfcLmUYH6Q0sA==": [ "WGvgNwrW2u5APZcidQ6v1Q==" ], "j5YRt82iOHry4ndSyCLgaA==": [ "eCNdMtt9JN2Rrb8I23NIsA==", "0WTD6ZUY2Zj2w0R3oyPWRw==", "9oBjtBiHtz7+Hwc4swPaAw==", "K3eafQ/8P8PEZ3BPWZfCgg==", "kCsMurCi7F77HxJoLqd9jA==", "9ZCmRufeuC0TKSSi9pcU6g==", "3IgZDz5UYkhu/U1/4kSWKg==", "/1CYFiexnJcM7p4YrI/FVg==", "RdjNn4dAdZKcn6VS95a/SQ==", "UyCjBcpeB0nhkRTVhUcAJQ==" ], "k/BpvWmZ5EVfmiPqpZ3pGw==": [ "LTmcTrhW8bJGvJXJVPjm/g==", "tYeLT/YUKIk7yaK07WvPeA==", "qC/lM94bJkHuTCcx6Z47mQ==", "KExChYIaW0MvXNLWbjS/Hw==", "RYqFgDYIttLgJc8B82sK/w==", "Lt2Hg7sVYgz0GD7ldFmjjA==" ], "k4gCNgIfg7MM/e42ThRx2w==": [ "AZQ9MHTiNLYiRU7sYZlVGw==", "n83jaRl/T6kiaoMyWtX8xw==" ], "kwc9NYOQig+qWs5qmBRL/w==": [ "SHxE0qXbBmDEp/LL1ieJeA==", "HuOxI+pWjgGV0XsBvltzlg==", "VsocCwaFpF6PzdX5PxR+sQ==", "jw1ZiDut5Ot+DyVFjCrixg==", "S7qx7a03HASsJhyQafvXjg==", "rEg00U8+//igCt+0+QBUhA==", "xCUiEQAH1lfhrKtUxQDIYA==", "ZTGiJlkqcqrCLJSY/Sq8lA==", "673FKazcUiydbfN5c6amaw==" ], "lU0MYRg2dg5wynl2dMGsgA==": [ "hfBpyVezkUAf98QWnlvzIA==" ], "mtrWxjnWyzrIFOuHVeUG6g==": [ "W/DMqBRMDYVkVH3D67luGg==", "vx2N2RZTm7neux8kVlqgEg==", "UMD4nV1Ky5C5eKUMgtnKzw==", "9uK7ZDYgFtqP786n0QunAg==", "UoEFDYM+Gqf2mdRJh5HUFw==", "8rxYDEPu2XxazQ3cBUhX0Q==", "XBiy/XVR6SoThCkYUmkD1g==" ], "oSDtB9GflLljTYeOAikyIQ==": [ "xLIujTim86EomaRofe4tDg==", "0fCtWwB6iclgRvIA+IqiJQ==", "EiL50P2QSOoRA18XAAH6Pg==", "EKs36DFwHVCzU/cF0Be9pQ==", "ElIjMFAz33tt/XVMysRkdA==", "ngbKDtxhn33NKWC2lhOQNQ==", "p2qAiuM4AsdQ5J4fBWvbBA==", "npBrFSWnZYxq9cizdfDfCQ==", "Oi3Y6I7JDcoQrQyH+jMXWw==", "jguV9kU5iHC5V/cF3+b/tg==", "iEGZHZXt8HWPSM5eJesddQ==", "KaROgE0QmtiOixMG9Wi1RA==" ], "oUYls//IDfQ4QSLGKlUoZg==": [ "t3XJyztcU9aOXTMLI8NRmA==", "a067YUjLHWzR99JNl/RtGQ==", "H2CablNBrQ/I5AsUjk5xyw==", "1lUHOMB3ANHGWpqCBv9Ynw==", "BooDzA4nzaDI1l3E5zAHgg==" ], "peUaHHW4E9Y6Nd8+gJR5cQ==": [ "H9Ud41wofJc/QlL6Rm7WkA==", "avzu5SRbIjcduH4QdmZ1gg==", "ruDQdx7OmIsgMCpioWbqOQ==", "XbpXfbeApuDuIKvY0/qWiA==", "UUIKm7f4jyfDWGKvptUQ8Q==", "Rfm1tD+QxSP/TVjKFDNabg==", "npQpPXYG8xMJ1LRSVSnKGA==", "Wp4+QBQm4nhI8rQxVklEXw==", "KCgCqCavM9U0xL+GHJqzSg==", "OgFGrvrnAoXXvapnatTrxQ==" ], "wQNSAAyfpn1pixah4j5PmA==": [ "ZlxfTVb/4bi6yWQ+JLaOnw==", "0QzoXQSqkKieJ7Oc+px0JA==", "HB9r/GLycEmk6aXttwtBlw==", "h6rS2s3xilGaG0a+pIjl8A==", "L3k0cIIlkMGQFiWnZm8Mlg==", "sGwL9v57mGx7f18qBkIacA==", "cCowLuOsLfTMmPFOoqUVww==", "nYtstWEUOCTbjAlmYOKURA==", "8qOJVWAut1+UqTXPOWH12g==", "OFdQC3/0S5rItoyqpACTFw==", "2U8ppg+02PjFDuM5YqFstQ==", "6Xr5PbPGSy+aHLDQ9q4L9w==", "5ZHvcDYhgzWjwNpRgF2u1w==", "nhJPQpDYg9We/U8oBJw4JQ==", "mRazAXjBcgFrTolNDZHDsA==", "8rvqTFlh9aOz4UvxQN0SBQ==", "RVCidRUm4D1IKoPhoUi2AA==", "IItHEdPWz5fl9O7ZhzjDAA==", "XXiaw1EwhFkuilI94EKiqQ==", "HKrLnQyTw1292mNt3MQ0aQ==" ] }, "enrichments": {} } pod: test-comp-pac-gitlab-qtyrdob8e90fb47a3f8c623f1d319d476055b8-pod | container step-oci-attach-report: Selecting auth Using token for quay.io/redhat-appstudio-qe/gitlab-rep-ufob/test-comp-pac-gitlab-qtyrdo Attaching clair-report-amd64.json to quay.io/redhat-appstudio-qe/gitlab-rep-ufob/test-comp-pac-gitlab-qtyrdo@sha256:2cd90854a489b20448b7b912df0c3d8ff0b5b90a68374c28813ccc12558aab64 Executing: oras attach --no-tty --format go-template={{.digest}} --registry-config /home/oras/auth.json --artifact-type application/vnd.redhat.clair-report+json quay.io/redhat-appstudio-qe/gitlab-rep-ufob/test-comp-pac-gitlab-qtyrdo@sha256:2cd90854a489b20448b7b912df0c3d8ff0b5b90a68374c28813ccc12558aab64 clair-report-amd64.json:application/vnd.redhat.clair-report+json pod: test-comp-pac-gitlab-qtyrdob8e90fb47a3f8c623f1d319d476055b8-pod | container step-conftest-vulnerabilities: [ { "filename": "/tekton/home/clair-result-amd64.json", "namespace": "required_checks", "successes": 7, "warnings": [ { "msg": "Found packages with unpatched high vulnerabilities. These vulnerabilities don't have a known fix at this time.", "metadata": { "details": { "description": "Vulnerabilities found: gnutls-3.6.16-8.el8_10.5 (CVE-2026-33845, CVE-2026-33846), java-17-openjdk-headless-1:17.0.19.0.10-1.el8 (CVE-2025-66293, CVE-2026-22020, CVE-2026-25646, CVE-2026-26740), krb5-libs-1.18.2-32.el8_10 (CVE-2026-40356)", "name": "clair_unpatched_high_vulnerabilities", "url": "https://access.redhat.com/articles/red_hat_vulnerability_tutorial" }, "vulnerabilities_number": 7 } }, { "msg": "Found packages with unpatched medium vulnerabilities. These vulnerabilities don't have a known fix at this time.", "metadata": { "details": { "description": "Vulnerabilities found: gnutls-3.6.16-8.el8_10.5 (CVE-2026-3833), openssl-libs-1:1.1.1k-15.el8_6 (CVE-2023-0466, CVE-2026-28390), cups-libs-1:2.2.6-67.el8_10 (CVE-2023-4504, CVE-2026-27447, CVE-2026-34978, CVE-2026-34979, CVE-2026-34980, CVE-2026-34990, CVE-2026-39314, CVE-2026-39316), libblkid-2.32.1-48.el8_10 (CVE-2026-27456), avahi-libs-0.7-27.el8_10.1 (CVE-2024-52615, CVE-2024-52616, CVE-2025-59529, CVE-2025-68276, CVE-2025-68468, CVE-2025-68471, CVE-2026-24401, CVE-2026-34933), python3-libs-3.6.8-76.el8_10 (CVE-2025-11468, CVE-2025-12781, CVE-2025-13837, CVE-2025-15282, CVE-2025-4516, CVE-2025-6069, CVE-2025-8291, CVE-2026-0672, CVE-2026-1502, CVE-2026-3644, CVE-2026-4224, CVE-2026-5713, CVE-2026-6019), file-libs-5.33-27.el8_10 (CVE-2019-8905), glibc-2.28-251.el8_10.31 (CVE-2026-4046, CVE-2026-4437, CVE-2026-5435, CVE-2026-5450, CVE-2026-5928), libuuid-2.32.1-48.el8_10 (CVE-2026-27456), glibc-minimal-langpack-2.28-251.el8_10.31 (CVE-2026-4046, CVE-2026-4437, CVE-2026-5435, CVE-2026-5450, CVE-2026-5928), glib2-2.56.4-168.el8_10 (CVE-2025-14087, CVE-2025-14512, CVE-2026-1484, CVE-2026-1489), platform-python-3.6.8-76.el8_10 (CVE-2025-11468, CVE-2025-12781, CVE-2025-13837, CVE-2025-15282, CVE-2025-4516, CVE-2025-6069, CVE-2025-8291, CVE-2026-0672, CVE-2026-1502, CVE-2026-3644, CVE-2026-4224, CVE-2026-5713, CVE-2026-6019), openldap-2.4.46-21.el8_10 (CVE-2026-22185), java-17-openjdk-headless-1:17.0.19.0.10-1.el8 (CVE-2025-28164, CVE-2025-64505, CVE-2025-64506, CVE-2026-22693, CVE-2026-22695, CVE-2026-22801, CVE-2026-33416, CVE-2026-33636, CVE-2026-34757, CVE-2026-41254), krb5-libs-1.18.2-32.el8_10 (CVE-2026-40355), coreutils-single-8.30-17.el8_10 (CVE-2025-5278), libsmartcols-2.32.1-48.el8_10 (CVE-2026-27456), libcurl-7.61.1-34.el8_10.11 (CVE-2025-13034, CVE-2025-14017, CVE-2026-1965, CVE-2026-3783, CVE-2026-3784, CVE-2026-3805, CVE-2026-4873, CVE-2026-5545, CVE-2026-5773, CVE-2026-6253, CVE-2026-6429), libgcrypt-1.8.5-7.el8_6 (CVE-2019-12904, CVE-2024-2236, CVE-2026-41989), alsa-lib-1.2.10-2.el8 (CVE-2026-25068), libarchive-3.3.3-7.el8_10 (CVE-2024-57970, CVE-2025-25724, CVE-2025-60753, CVE-2026-4426, CVE-2026-5745), gnupg2-2.2.20-4.el8_10 (CVE-2025-68972), expat-2.5.0-1.el8_10 (CVE-2026-32776, CVE-2026-32777, CVE-2026-32778), curl-7.61.1-34.el8_10.11 (CVE-2025-13034, CVE-2025-14017, CVE-2026-1965, CVE-2026-3783, CVE-2026-3784, CVE-2026-3805, CVE-2026-4873, CVE-2026-5545, CVE-2026-5773, CVE-2026-6253, CVE-2026-6429), glibc-common-2.28-251.el8_10.31 (CVE-2026-4046, CVE-2026-4437, CVE-2026-5435, CVE-2026-5450, CVE-2026-5928), libssh-0.9.6-16.el8_10 (CVE-2025-5351, CVE-2025-8114, CVE-2026-0964, CVE-2026-0966, CVE-2026-3731), libxml2-2.9.7-21.el8_10.4 (CVE-2026-0990, CVE-2026-1757, CVE-2026-6732), libmount-2.32.1-48.el8_10 (CVE-2026-27456), libzstd-1.4.4-1.el8 (CVE-2022-4899), python3-pip-wheel-9.0.3-24.el8 (CVE-2023-45803, CVE-2025-50181, CVE-2025-50182, CVE-2026-25645), libssh-config-0.9.6-16.el8_10 (CVE-2025-5351, CVE-2025-8114, CVE-2026-0964, CVE-2026-0966, CVE-2026-3731), xz-libs-5.2.4-4.el8_6 (CVE-2026-34743), tar-2:1.30-11.el8_10 (CVE-2025-45582, CVE-2025-64118, CVE-2026-33056, CVE-2026-5704), systemd-libs-239-82.el8_10.16 (CVE-2018-20839, CVE-2025-4598, CVE-2026-29111, CVE-2026-4105)", "name": "clair_unpatched_medium_vulnerabilities", "url": "https://access.redhat.com/articles/red_hat_vulnerability_tutorial" }, "vulnerabilities_number": 144 } }, { "msg": "Found packages with unpatched low/negligible vulnerabilities. These vulnerabilities don't have a known fix at this time.", "metadata": { "details": { "description": "Vulnerabilities found: shadow-utils-2:4.6-23.el8_10 (CVE-2024-56433), gnutls-3.6.16-8.el8_10.5 (CVE-2021-4209, CVE-2026-3832), openssl-libs-1:1.1.1k-15.el8_6 (CVE-2023-0464, CVE-2023-0465, CVE-2023-2650, CVE-2024-0727, CVE-2024-13176, CVE-2024-2511, CVE-2024-41996, CVE-2024-4741, CVE-2025-15468, CVE-2025-15469, CVE-2025-68160, CVE-2025-69418, CVE-2025-69420, CVE-2025-69421, CVE-2026-22795, CVE-2026-22796, CVE-2026-2673, CVE-2026-28388, CVE-2026-28389, CVE-2026-31789), cups-libs-1:2.2.6-67.el8_10 (CVE-2021-25317, CVE-2026-41079), avahi-libs-0.7-27.el8_10.1 (CVE-2017-6519), python3-libs-3.6.8-76.el8_10 (CVE-2019-9674, CVE-2024-0397, CVE-2024-7592, CVE-2025-1795, CVE-2025-6075, CVE-2026-2297, CVE-2026-3479), file-libs-5.33-27.el8_10 (CVE-2019-8906), glibc-2.28-251.el8_10.31 (CVE-2026-4438), glibc-minimal-langpack-2.28-251.el8_10.31 (CVE-2026-4438), glib2-2.56.4-168.el8_10 (CVE-2023-29499, CVE-2023-32611, CVE-2023-32636, CVE-2023-32665, CVE-2025-3360, CVE-2025-7039, CVE-2026-0988, CVE-2026-1485), platform-python-3.6.8-76.el8_10 (CVE-2019-9674, CVE-2024-0397, CVE-2024-7592, CVE-2025-1795, CVE-2025-6075, CVE-2026-2297, CVE-2026-3479), java-17-openjdk-headless-1:17.0.19.0.10-1.el8 (CVE-2022-3857, CVE-2026-27171), zlib-1.2.11-25.el8 (CVE-2026-27171), libgcc-8.5.0-28.el8_10 (CVE-2018-20657, CVE-2019-14250, CVE-2022-27943), libcurl-7.61.1-34.el8_10.11 (CVE-2023-27534, CVE-2024-11053, CVE-2024-7264, CVE-2025-14524, CVE-2025-14819, CVE-2025-15079, CVE-2025-15224, CVE-2026-6276), libgcrypt-1.8.5-7.el8_6 (CVE-2026-41990), libarchive-3.3.3-7.el8_10 (CVE-2018-1000879, CVE-2018-1000880, CVE-2025-1632, CVE-2025-5915, CVE-2025-5916, CVE-2025-5917, CVE-2025-5918), gnupg2-2.2.20-4.el8_10 (CVE-2022-3219, CVE-2025-30258, CVE-2026-24883), nss-util-3.112.0-8.el8_10 (CVE-2020-12413, CVE-2024-7531), nss-softokn-freebl-3.112.0-8.el8_10 (CVE-2020-12413, CVE-2024-7531), expat-2.5.0-1.el8_10 (CVE-2025-66382, CVE-2026-24515, CVE-2026-41080), elfutils-libelf-0.190-2.el8 (CVE-2024-25260), curl-7.61.1-34.el8_10.11 (CVE-2023-27534, CVE-2024-11053, CVE-2024-7264, CVE-2025-14524, CVE-2025-14819, CVE-2025-15079, CVE-2025-15224, CVE-2026-6276), glibc-common-2.28-251.el8_10.31 (CVE-2026-4438), libssh-0.9.6-16.el8_10 (CVE-2025-4878, CVE-2025-8277, CVE-2026-0965, CVE-2026-0967, CVE-2026-0968), libxml2-2.9.7-21.el8_10.4 (CVE-2023-45322, CVE-2024-34459, CVE-2025-27113, CVE-2025-6170, CVE-2026-0989, CVE-2026-0992), pcre2-10.32-3.el8_6 (CVE-2022-41409), ncurses-libs-6.1-10.20180224.el8 (CVE-2018-19211, CVE-2020-19185, CVE-2020-19186, CVE-2020-19187, CVE-2020-19188, CVE-2020-19189, CVE-2020-19190, CVE-2021-39537, CVE-2023-50495), libzstd-1.4.4-1.el8 (CVE-2021-24032), nss-softokn-3.112.0-8.el8_10 (CVE-2020-12413, CVE-2024-7531), python3-pip-wheel-9.0.3-24.el8 (CVE-2018-20225), libssh-config-0.9.6-16.el8_10 (CVE-2025-4878, CVE-2025-8277, CVE-2026-0965, CVE-2026-0967, CVE-2026-0968), gawk-4.2.1-4.el8 (CVE-2023-4156), ncurses-base-6.1-10.20180224.el8 (CVE-2018-19211, CVE-2020-19185, CVE-2020-19186, CVE-2020-19187, CVE-2020-19188, CVE-2020-19189, CVE-2020-19190, CVE-2021-39537, CVE-2023-50495), libstdc++-8.5.0-28.el8_10 (CVE-2018-20657, CVE-2019-14250, CVE-2022-27943), libtasn1-4.13-5.el8_10 (CVE-2018-1000654, CVE-2025-13151), tar-2:1.30-11.el8_10 (CVE-2019-9923, CVE-2021-20193, CVE-2023-39804), systemd-libs-239-82.el8_10.16 (CVE-2021-3997), dbus-libs-1:1.12.8-27.el8_10 (CVE-2020-35512), sqlite-libs-3.26.0-20.el8_10 (CVE-2019-19244, CVE-2019-9936, CVE-2019-9937, CVE-2024-0232, CVE-2025-70873), nss-sysinit-3.112.0-8.el8_10 (CVE-2020-12413, CVE-2024-7531), nss-3.112.0-8.el8_10 (CVE-2020-12413, CVE-2024-7531)", "name": "clair_unpatched_low_vulnerabilities", "url": "https://access.redhat.com/articles/red_hat_vulnerability_tutorial" }, "vulnerabilities_number": 152 } } ] } ] {"vulnerabilities":{"critical":0,"high":0,"medium":0,"low":0,"unknown":0},"unpatched_vulnerabilities":{"critical":0,"high":7,"medium":144,"low":152,"unknown":0}} {"image": {"pullspec": "quay.io/redhat-appstudio-qe/gitlab-rep-ufob/test-comp-pac-gitlab-qtyrdo:on-pr-9563c74c641ed57d00587689aa7c536c690dd28d", "digests": ["sha256:2cd90854a489b20448b7b912df0c3d8ff0b5b90a68374c28813ccc12558aab64"]}} {"result":"SUCCESS","timestamp":"2026-05-07T23:48:45+00:00","note":"Task clair-scan completed: Refer to Tekton task result SCAN_OUTPUT for vulnerabilities scanned by Clair.","namespace":"default","successes":0,"failures":0,"warnings":0} pod: test-comp-pac-gitlab-qtyrdof2a03bf21bde61f4da280ef0c32a6fac-pod | init container: prepare 2026/05/07 23:48:25 Entrypoint initialization pod: test-comp-pac-gitlab-qtyrdof2a03bf21bde61f4da280ef0c32a6fac-pod | container step-apply-additional-tags: time="2026-05-07T23:48:28Z" level=info msg="[param] image-url: quay.io/redhat-appstudio-qe/gitlab-rep-ufob/test-comp-pac-gitlab-qtyrdo:on-pr-9563c74c641ed57d00587689aa7c536c690dd28d" time="2026-05-07T23:48:28Z" level=info msg="[param] digest: sha256:2cd90854a489b20448b7b912df0c3d8ff0b5b90a68374c28813ccc12558aab64" time="2026-05-07T23:48:28Z" level=info msg="[param] tags-from-image-label: konflux.additional-tags" time="2026-05-07T23:48:32Z" level=warning msg="No tags given in 'konflux.additional-tags' image label" {"tags":[]} { s: "\n pod: test-comp-pac-gitlab-qtyrdo-on-pull-request-lpzln-init-pod | init container: prepare\n2026/05/07 23:46:30 Entrypoint initialization\n\npod: test-comp-pac-gitlab-qtyrdo-on-pull-request-lpzln-init-pod | container step-init: \ntime=\"2026-05-07T23:46:33Z\" level=info msg=\"[param] enable: false\"\ntime=\"2026-05-07T23:46:33Z\" level=info msg=\"[param] default-http-proxy: squid.caching.svc.cluster.local:3128\"\ntime=\"2026-05-07T23:46:33Z\" level=info msg=\"[param] default-no-proxy: brew.registry.redhat.io,docker.io,gcr.io,ghcr.io,images.paas.redhat.com,mirror.gcr.io,nvcr.io,quay.io,registry-proxy.engineering.redhat.com,registry.access.redhat.com,registry.ci.openshift.org,registry.fedoraproject.org,registry.redhat.io,registry.stage.redhat.io,vault.habana.ai\"\ntime=\"2026-05-07T23:46:33Z\" level=info msg=\"[param] http-proxy-result-path: /tekton/results/http-proxy\"\ntime=\"2026-05-07T23:46:33Z\" level=info msg=\"[param] no-proxy-result-path: /tekton/results/no-proxy\"\ntime=\"2026-05-07T23:46:33Z\" level=info msg=\"Using in-cluster config\" logger=KubeClient\ntime=\"2026-05-07T23:46:33Z\" level=info msg=\"Cache proxy is disabled via param\"\ntime=\"2026-05-07T23:46:33Z\" level=info msg=\"[result] HTTP PROXY: \"\ntime=\"2026-05-07T23:46:33Z\" level=info msg=\"[result] NO PROXY: \"\n\n pod: test-comp-pac-gitlab-qtyrdo9509641aae225ed2b10a9c506b32d838-pod | init container: prepare\n2026/05/07 23:48:25 Entrypoint initialization\n\n pod: test-comp-pac-gitlab-qtyrdo9509641aae225ed2b10a9c506b32d838-pod | init container: place-scripts\n2026/05/07 23:48:25 Decoded script /tekton/scripts/script-0-v79gc\n2026/05/07 23:48:25 Decoded script /tekton/scripts/script-1-txzfq\n\npod: test-comp-pac-gitlab-qtyrdo9509641aae225ed2b10a9c506b32d838-pod | container step-extract-and-scan-image: \nStarting clamd ...\nclamd is ready!\nDetecting artifact type for quay.io/redhat-appstudio-qe/gitlab-rep-ufob/test-comp-pac-gitlab-qtyrdo@sha256:2cd90854a489b20448b7b912df0c3d8ff0b5b90a68374c28813ccc12558aab64.\nDetected container image. Processing image manifests.\nRunning \"oc image extract\" on image of arch amd64\nScanning image for arch amd64. This operation may take a while.\n\n----------- SCAN SUMMARY -----------\nInfected files: 0\nTime: 39.400 sec (0 m 39 s)\nStart Date: 2026:05:07 23:48:52\nEnd Date: 2026:05:07 23:49:31\nExecuted-on: Scan was executed on clamsdcan version - ClamAV 1.4.3/27993/Wed May 6 06:24:57 2026 Database version: 27993\n[\n\t{\n\t\t\"filename\": \"/work/logs/clamscan-result-log-amd64.json\",\n\t\t\"namespace\": \"required_checks\",\n\t\t\"successes\": 2\n\t}\n]\n{\"timestamp\":\"1778197771\",\"namespace\":\"required_checks\",\"successes\":2,\"failures\":0,\"warnings\":0,\"result\":\"SUCCESS\",\"note\":\"All checks passed successfully\"}\n{\"timestamp\":\"1778197771\",\"namespace\":\"required_checks\",\"successes\":2,\"failures\":0,\"warnings\":0,\"result\":\"SUCCESS\",\"note\":\"All checks passed successfully\"}\n{\"timestamp\":\"1778197771\",\"namespace\":\"required_checks\",\"successes\":2,\"failures\":0,\"warnings\":0,\"result\":\"SUCCESS\",\"note\":\"All checks passed successfully\"}\n{\"image\": {\"pullspec\": \"quay.io/redhat-appstudio-qe/gitlab-rep-ufob/test-comp-pac-gitlab-qtyrdo:on-pr-9563c74c641ed57d00587689aa7c536c690dd28d\", \"digests\": [\"sha256:2cd90854a489b20448b7b912df0c3d8ff0b5b90a68374c28813ccc12558aab64\"]}}\n\npod: test-comp-pac-gitlab-qtyrdo9509641aae225ed2b10a9c506b32d838-pod | container step-upload: \nSelecting auth\nUsing token for quay.io/redhat-appstudio-qe/gitlab-rep-ufob/test-comp-pac-gitlab-qtyrdo\nAttaching to quay.io/redhat-appstudio-qe/gitlab-rep-ufob/test-comp-pac-gitlab-qtyrdo:on-pr-9563c74c641ed57d00587689aa7c536c690dd28d\nExecuting: oras attach --no-tty --registry-config /home/oras/auth.json --artifact-type application/vnd.clamav quay.io/redhat-appstudio-qe/gitlab-rep-ufob/test-comp-pac-gitlab-qtyrdo:on-pr-9563c74c641ed57d00587689aa7c536c690dd28d@sha256:2cd90854a489b20448b7... Gomega truncated this representation as it exceeds 'format.MaxLength'. Consider having the object provide a custom 'GomegaStringer' representation or adjust the parameters in Gomega's 'format' package. Learn more here: https://onsi.github.io/gomega/#adjusting-output In [It] at: /tmp/tmp.72Gj3TWGe0/tests/integration-service/gitlab-integration-reporting.go:150 @ 05/07/26 23:49:49.585 There were additional failures detected. To view them in detail run ginkgo -vv ------------------------------ SSSSSSSSSSSSSSSSSSS••••••••••••••••••••••••••••••••••S•S• ------------------------------ P [PENDING] [build-service-suite Build templates E2E test] HACBS pipelines scenario sample-python-basic-oci (docker-build-oci-ta) when Pipeline Results are stored for component with Git source URL https://github.com/redhat-appstudio-qe/devfile-sample-python-basic and Pipeline docker-build-oci-ta should have Pipeline Logs [build, build-templates, HACBS, pipeline-service, pipeline] /tmp/tmp.72Gj3TWGe0/tests/build/build_templates.go:507 ------------------------------ • ------------------------------ P [PENDING] [build-service-suite Build templates E2E test] HACBS pipelines scenario sample-python-basic-oci (docker-build-oci-ta) when the container image for component with Git source URL https://github.com/redhat-appstudio-qe/devfile-sample-python-basic is created and pushed to container registry verify-enterprise-contract check should pass [build, build-templates, HACBS, pipeline-service, pipeline, sbom, slow, build-templates-e2e] /tmp/tmp.72Gj3TWGe0/tests/build/build_templates.go:569 ------------------------------ S ------------------------------ P [PENDING] [build-service-suite Build templates E2E test] HACBS pipelines scenario sample-python-basic-oci (docker-build-oci-ta) build-definitions ec pipelines runs ec pipeline pipelines/enterprise-contract.yaml [build, build-templates, HACBS, pipeline-service, pipeline, build-templates-e2e] /tmp/tmp.72Gj3TWGe0/tests/build/build_templates.go:744 ------------------------------ •SS•S• ------------------------------ P [PENDING] [build-service-suite Build templates E2E test] HACBS pipelines scenario sample-python-basic-oci (docker-build-oci-ta-min) when Pipeline Results are stored for component with Git source URL https://github.com/redhat-appstudio-qe/devfile-sample-python-basic and Pipeline docker-build-oci-ta-min should have Pipeline Logs [build, build-templates, HACBS, pipeline-service, pipeline] /tmp/tmp.72Gj3TWGe0/tests/build/build_templates.go:507 ------------------------------ • ------------------------------ P [PENDING] [build-service-suite Build templates E2E test] HACBS pipelines scenario sample-python-basic-oci (docker-build-oci-ta-min) when the container image for component with Git source URL https://github.com/redhat-appstudio-qe/devfile-sample-python-basic is created and pushed to container registry verify-enterprise-contract check should pass [build, build-templates, HACBS, pipeline-service, pipeline, sbom, slow, build-templates-e2e] /tmp/tmp.72Gj3TWGe0/tests/build/build_templates.go:569 ------------------------------ S ------------------------------ P [PENDING] [build-service-suite Build templates E2E test] HACBS pipelines scenario sample-python-basic-oci (docker-build-oci-ta-min) build-definitions ec pipelines runs ec pipeline pipelines/enterprise-contract.yaml [build, build-templates, HACBS, pipeline-service, pipeline, build-templates-e2e] /tmp/tmp.72Gj3TWGe0/tests/build/build_templates.go:744 ------------------------------ •••••••••••••••••••S•S• ------------------------------ P [PENDING] [build-service-suite Build templates E2E test] HACBS pipelines scenario sample-python-basic-oci (docker-build) when Pipeline Results are stored for component with Git source URL https://github.com/redhat-appstudio-qe/devfile-sample-python-basic and Pipeline docker-build should have Pipeline Logs [build, build-templates, HACBS, pipeline-service, pipeline] /tmp/tmp.72Gj3TWGe0/tests/build/build_templates.go:507 ------------------------------ • ------------------------------ P [PENDING] [build-service-suite Build templates E2E test] HACBS pipelines scenario sample-python-basic-oci (docker-build) when the container image for component with Git source URL https://github.com/redhat-appstudio-qe/devfile-sample-python-basic is created and pushed to container registry verify-enterprise-contract check should pass [build, build-templates, HACBS, pipeline-service, pipeline, sbom, slow, build-templates-e2e] /tmp/tmp.72Gj3TWGe0/tests/build/build_templates.go:569 ------------------------------ S ------------------------------ P [PENDING] [build-service-suite Build templates E2E test] HACBS pipelines scenario sample-python-basic-oci (docker-build) build-definitions ec pipelines runs ec pipeline pipelines/enterprise-contract.yaml [build, build-templates, HACBS, pipeline-service, pipeline, build-templates-e2e] /tmp/tmp.72Gj3TWGe0/tests/build/build_templates.go:744 ------------------------------ ••• ------------------------------ P [PENDING] [build-service-suite Build service E2E tests] test git provider gh PaC component build when the PaC init branch is merged retrigger the pipeline manually [build-service, github-webhook, pac-build, pipeline, image-controller, github, build-custom-branch] /tmp/tmp.72Gj3TWGe0/tests/build/pac_build.go:600 ------------------------------ P [PENDING] [build-service-suite Build service E2E tests] test git provider gh PaC component build when the PaC init branch is merged retriggered pipelineRun should eventually finish [build-service, github-webhook, pac-build, pipeline, image-controller, github, build-custom-branch] /tmp/tmp.72Gj3TWGe0/tests/build/pac_build.go:642 ------------------------------ •••• ------------------------------ P [PENDING] [build-service-suite Build service E2E tests] test git provider gl PaC component build when the PaC init branch is merged retrigger the pipeline manually [build-service, github-webhook, pac-build, pipeline, image-controller, gitlab, build-custom-branch] /tmp/tmp.72Gj3TWGe0/tests/build/pac_build.go:600 ------------------------------ P [PENDING] [build-service-suite Build service E2E tests] test git provider gl PaC component build when the PaC init branch is merged retriggered pipelineRun should eventually finish [build-service, github-webhook, pac-build, pipeline, image-controller, gitlab, build-custom-branch] /tmp/tmp.72Gj3TWGe0/tests/build/pac_build.go:642 ------------------------------ •••••••••••••••••• ------------------------------ • [FAILED] [1816.283 seconds] [build-service-suite Build service E2E tests] test git provider fj component update with renovate when components are created in same namespace [It] triggers a PipelineRun for parent component [build-service, renovate, multi-component, forgejo] /tmp/tmp.72Gj3TWGe0/tests/build/renovate.go:259 Timeline >> PipelineRun has not been created yet for the component build-e2e-ctkg/fj-multi-component-parent-pjvh PipelineRun has not been created yet for the component build-e2e-ctkg/fj-multi-component-parent-pjvh PipelineRun has not been created yet for the component build-e2e-ctkg/fj-multi-component-parent-pjvh PipelineRun has not been created yet for the component build-e2e-ctkg/fj-multi-component-parent-pjvh PipelineRun has not been created yet for the component build-e2e-ctkg/fj-multi-component-parent-pjvh PipelineRun has not been created yet for the component build-e2e-ctkg/fj-multi-component-parent-pjvh PipelineRun has not been created yet for the component build-e2e-ctkg/fj-multi-component-parent-pjvh PipelineRun has not been created yet for the component build-e2e-ctkg/fj-multi-component-parent-pjvh PipelineRun has not been created yet for the component build-e2e-ctkg/fj-multi-component-parent-pjvh PipelineRun has not been created yet for the component build-e2e-ctkg/fj-multi-component-parent-pjvh PipelineRun has not been created yet for the component build-e2e-ctkg/fj-multi-component-parent-pjvh PipelineRun has not been created yet for the component build-e2e-ctkg/fj-multi-component-parent-pjvh PipelineRun has not been created yet for the component build-e2e-ctkg/fj-multi-component-parent-pjvh PipelineRun has not been created yet for the component build-e2e-ctkg/fj-multi-component-parent-pjvh PipelineRun has not been created yet for the component build-e2e-ctkg/fj-multi-component-parent-pjvh PipelineRun has not been created yet for the component build-e2e-ctkg/fj-multi-component-parent-pjvh PipelineRun has not been created yet for the component build-e2e-ctkg/fj-multi-component-parent-pjvh PipelineRun has not been created yet for the component build-e2e-ctkg/fj-multi-component-parent-pjvh PipelineRun has not been created yet for the component build-e2e-ctkg/fj-multi-component-parent-pjvh PipelineRun has not been created yet for the component build-e2e-ctkg/fj-multi-component-parent-pjvh PipelineRun has not been created yet for the component build-e2e-ctkg/fj-multi-component-parent-pjvh PipelineRun has not been created yet for the component build-e2e-ctkg/fj-multi-component-parent-pjvh PipelineRun has not been created yet for the component build-e2e-ctkg/fj-multi-component-parent-pjvh PipelineRun has not been created yet for the component build-e2e-ctkg/fj-multi-component-parent-pjvh PipelineRun has not been created yet for the component build-e2e-ctkg/fj-multi-component-parent-pjvh PipelineRun has not been created yet for the component build-e2e-ctkg/fj-multi-component-parent-pjvh PipelineRun has not been created yet for the component build-e2e-ctkg/fj-multi-component-parent-pjvh PipelineRun has not been created yet for the component build-e2e-ctkg/fj-multi-component-parent-pjvh PipelineRun has not been created yet for the component build-e2e-ctkg/fj-multi-component-parent-pjvh PipelineRun has not been created yet for the component build-e2e-ctkg/fj-multi-component-parent-pjvh PipelineRun has not been created yet for the component build-e2e-ctkg/fj-multi-component-parent-pjvh PipelineRun has not been created yet for the component build-e2e-ctkg/fj-multi-component-parent-pjvh PipelineRun has not been created yet for the component build-e2e-ctkg/fj-multi-component-parent-pjvh PipelineRun has not been created yet for the component build-e2e-ctkg/fj-multi-component-parent-pjvh PipelineRun has not been created yet for the component build-e2e-ctkg/fj-multi-component-parent-pjvh PipelineRun has not been created yet for the component build-e2e-ctkg/fj-multi-component-parent-pjvh PipelineRun has not been created yet for the component build-e2e-ctkg/fj-multi-component-parent-pjvh PipelineRun has not been created yet for the component build-e2e-ctkg/fj-multi-component-parent-pjvh PipelineRun has not been created yet for the component build-e2e-ctkg/fj-multi-component-parent-pjvh PipelineRun has not been created yet for the component build-e2e-ctkg/fj-multi-component-parent-pjvh PipelineRun has not been created yet for the component build-e2e-ctkg/fj-multi-component-parent-pjvh PipelineRun has not been created yet for the component build-e2e-ctkg/fj-multi-component-parent-pjvh PipelineRun has not been created yet for the component build-e2e-ctkg/fj-multi-component-parent-pjvh PipelineRun has not been created yet for the component build-e2e-ctkg/fj-multi-component-parent-pjvh PipelineRun has not been created yet for the component build-e2e-ctkg/fj-multi-component-parent-pjvh PipelineRun has not been created yet for the component build-e2e-ctkg/fj-multi-component-parent-pjvh PipelineRun has not been created yet for the component build-e2e-ctkg/fj-multi-component-parent-pjvh PipelineRun has not been created yet for the component build-e2e-ctkg/fj-multi-component-parent-pjvh PipelineRun has not been created yet for the component build-e2e-ctkg/fj-multi-component-parent-pjvh PipelineRun has not been created yet for the component build-e2e-ctkg/fj-multi-component-parent-pjvh PipelineRun has not been created yet for the component build-e2e-ctkg/fj-multi-component-parent-pjvh PipelineRun has not been created yet for the component build-e2e-ctkg/fj-multi-component-parent-pjvh PipelineRun has not been created yet for the component build-e2e-ctkg/fj-multi-component-parent-pjvh PipelineRun has not been created yet for the component build-e2e-ctkg/fj-multi-component-parent-pjvh PipelineRun has not been created yet for the component build-e2e-ctkg/fj-multi-component-parent-pjvh PipelineRun has not been created yet for the component build-e2e-ctkg/fj-multi-component-parent-pjvh PipelineRun has not been created yet for the component build-e2e-ctkg/fj-multi-component-parent-pjvh PipelineRun has not been created yet for the component build-e2e-ctkg/fj-multi-component-parent-pjvh PipelineRun has not been created yet for the component build-e2e-ctkg/fj-multi-component-parent-pjvh PipelineRun has not been created yet for the component build-e2e-ctkg/fj-multi-component-parent-pjvh PipelineRun has not been created yet for the component build-e2e-ctkg/fj-multi-component-parent-pjvh PipelineRun has not been created yet for the component build-e2e-ctkg/fj-multi-component-parent-pjvh PipelineRun has not been created yet for the component build-e2e-ctkg/fj-multi-component-parent-pjvh PipelineRun has not been created yet for the component build-e2e-ctkg/fj-multi-component-parent-pjvh PipelineRun has not been created yet for the component build-e2e-ctkg/fj-multi-component-parent-pjvh PipelineRun has not been created yet for the component build-e2e-ctkg/fj-multi-component-parent-pjvh PipelineRun has not been created yet for the component build-e2e-ctkg/fj-multi-component-parent-pjvh PipelineRun has not been created yet for the component build-e2e-ctkg/fj-multi-component-parent-pjvh PipelineRun has not been created yet for the component build-e2e-ctkg/fj-multi-component-parent-pjvh PipelineRun has not been created yet for the component build-e2e-ctkg/fj-multi-component-parent-pjvh PipelineRun has not been created yet for the component build-e2e-ctkg/fj-multi-component-parent-pjvh PipelineRun has not been created yet for the component build-e2e-ctkg/fj-multi-component-parent-pjvh PipelineRun has not been created yet for the component build-e2e-ctkg/fj-multi-component-parent-pjvh PipelineRun has not been created yet for the component build-e2e-ctkg/fj-multi-component-parent-pjvh PipelineRun has not been created yet for the component build-e2e-ctkg/fj-multi-component-parent-pjvh PipelineRun has not been created yet for the component build-e2e-ctkg/fj-multi-component-parent-pjvh PipelineRun has not been created yet for the component build-e2e-ctkg/fj-multi-component-parent-pjvh PipelineRun has not been created yet for the component build-e2e-ctkg/fj-multi-component-parent-pjvh PipelineRun has not been created yet for the component build-e2e-ctkg/fj-multi-component-parent-pjvh PipelineRun has not been created yet for the component build-e2e-ctkg/fj-multi-component-parent-pjvh PipelineRun has not been created yet for the component build-e2e-ctkg/fj-multi-component-parent-pjvh PipelineRun has not been created yet for the component build-e2e-ctkg/fj-multi-component-parent-pjvh PipelineRun has not been created yet for the component build-e2e-ctkg/fj-multi-component-parent-pjvh PipelineRun has not been created yet for the component build-e2e-ctkg/fj-multi-component-parent-pjvh PipelineRun has not been created yet for the component build-e2e-ctkg/fj-multi-component-parent-pjvh PipelineRun has not been created yet for the component build-e2e-ctkg/fj-multi-component-parent-pjvh PipelineRun has not been created yet for the component build-e2e-ctkg/fj-multi-component-parent-pjvh PipelineRun has not been created yet for the component build-e2e-ctkg/fj-multi-component-parent-pjvh PipelineRun has not been created yet for the component build-e2e-ctkg/fj-multi-component-parent-pjvh PipelineRun has not been created yet for the component build-e2e-ctkg/fj-multi-component-parent-pjvh [FAILED] in [It] - /tmp/tmp.72Gj3TWGe0/tests/build/renovate.go:272 @ 05/08/26 00:04:03.836 error getting logs for pod/container image-controller-image-pruner-cronjob-29636640-m7ftn/image-pruner: error in opening the stream: container "image-pruner" in pod "image-controller-image-pruner-cronjob-29636640-m7ftn" is waiting to start: CreateContainerConfigError << Timeline [FAILED] Timed out after 1800.000s. timed out when waiting for the PipelineRun to start for the component fj-multi-component-parent-pjvh/build-e2e-ctkg Expected success, but got an error: <*errors.errorString | 0xc00131a1d0>: no pipelinerun found for component fj-multi-component-parent-pjvh { s: "no pipelinerun found for component fj-multi-component-parent-pjvh", } In [It] at: /tmp/tmp.72Gj3TWGe0/tests/build/renovate.go:272 @ 05/08/26 00:04:03.836 ------------------------------ SSSSSSSSSSSS•••• ------------------------------ • [FAILED] [1216.295 seconds] [build-service-suite Build service E2E tests] test git provider gh component update with renovate when components are created in same namespace [It] should lead to a nudge PR creation for child component [build-service, renovate, multi-component, github] /tmp/tmp.72Gj3TWGe0/tests/build/renovate.go:412 Timeline >> [FAILED] in [It] - /tmp/tmp.72Gj3TWGe0/tests/build/renovate.go:427 @ 05/08/26 00:09:32.594 error getting logs for pod/container image-controller-image-pruner-cronjob-29636640-m7ftn/image-pruner: error in opening the stream: container "image-pruner" in pod "image-controller-image-pruner-cronjob-29636640-m7ftn" is waiting to start: CreateContainerConfigError << Timeline [FAILED] Timed out after 1200.000s. timed out when waiting for component nudge PR to be created in build-nudge-child-zuzpjt repository Expected : false to be true In [It] at: /tmp/tmp.72Gj3TWGe0/tests/build/renovate.go:427 @ 05/08/26 00:09:32.594 ------------------------------ SS•••••••••••• ------------------------------ • [TIMEDOUT] [2750.748 seconds] [disaster-recovery DR Suite] DR Backwards-Compat when creating tenants on the old Konflux version [It] should wait for all build PipelineRuns to succeed [disaster-recovery, Serial] /tmp/tmp.72Gj3TWGe0/tests/disaster-recovery/dr_backwards_compat.go:74 Timeline >> STEP: Waiting for per-component build → test chains across all tenants @ 05/08/26 00:13:56.013 STEP: Waiting for build PipelineRun for mathwizz-frontend in dr-test-moshekipod-backwards-compat-dr (base: 0) @ 05/08/26 00:13:56.013 STEP: Waiting for build PipelineRun for mathwizz-frontend in dr-test-kokohazamar-backwards-compat-dr (base: 0) @ 05/08/26 00:13:56.013 STEP: Waiting for build PipelineRun for mathwizz-web-server in dr-test-moshekipod-backwards-compat-dr (base: 0) @ 05/08/26 00:13:56.013 STEP: Waiting for build PipelineRun for mathwizz-web-server in dr-test-kokohazamar-backwards-compat-dr (base: 0) @ 05/08/26 00:13:56.013 STEP: Waiting for build PipelineRun for mathwizz-history-worker in dr-test-kokohazamar-backwards-compat-dr (base: 0) @ 05/08/26 00:13:56.013 STEP: Waiting for build PipelineRun for mathwizz-history-worker in dr-test-moshekipod-backwards-compat-dr (base: 0) @ 05/08/26 00:13:56.013 namespace dr-test-moshekipod-backwards-compat-dr: 0/1 build PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 build PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 build PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 build PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 build PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 build PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 build PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 build PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 build PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 build PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 build PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 build PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 build PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 build PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 build PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 build PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 build PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 build PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 build PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 build PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 build PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 build PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 build PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 build PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 build PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 build PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 build PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 build PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 build PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 build PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 build PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 build PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 build PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 build PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 build PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 build PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 build PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 build PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 build PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 build PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 build PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 build PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 build PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 build PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 build PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 build PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 build PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 build PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 build PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 build PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 build PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 build PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 build PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 build PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 build PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 build PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 1/1 build PipelineRuns succeeded STEP: Waiting for test PipelineRun for mathwizz-web-server in dr-test-kokohazamar-backwards-compat-dr (base: 0) @ 05/08/26 00:18:26.527 namespace dr-test-moshekipod-backwards-compat-dr: 0/1 build PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 1/1 build PipelineRuns succeeded STEP: Waiting for test PipelineRun for mathwizz-web-server in dr-test-moshekipod-backwards-compat-dr (base: 0) @ 05/08/26 00:18:26.528 namespace dr-test-moshekipod-backwards-compat-dr: 1/1 build PipelineRuns succeeded STEP: Waiting for test PipelineRun for mathwizz-history-worker in dr-test-moshekipod-backwards-compat-dr (base: 0) @ 05/08/26 00:18:26.528 namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 1/1 build PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 1/1 build PipelineRuns succeeded STEP: Waiting for test PipelineRun for mathwizz-history-worker in dr-test-kokohazamar-backwards-compat-dr (base: 0) @ 05/08/26 00:18:56.538 STEP: Waiting for test PipelineRun for mathwizz-frontend in dr-test-moshekipod-backwards-compat-dr (base: 0) @ 05/08/26 00:18:56.538 namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 1/1 build PipelineRuns succeeded STEP: Waiting for test PipelineRun for mathwizz-frontend in dr-test-kokohazamar-backwards-compat-dr (base: 0) @ 05/08/26 00:18:56.539 namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-kokohazamar-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded namespace dr-test-moshekipod-backwards-compat-dr: 0/1 test PipelineRuns succeeded [TIMEDOUT] in [It] - /tmp/tmp.72Gj3TWGe0/tests/disaster-recovery/dr_backwards_compat.go:74 @ 05/08/26 00:59:45.47 error getting logs for pod/container image-controller-image-pruner-cronjob-29636640-m7ftn/image-pruner: error in opening the stream: container "image-pruner" in pod "image-controller-image-pruner-cronjob-29636640-m7ftn" is waiting to start: CreateContainerConfigError Deleting fork repo DR-MathWizz-qwmtfi for tenant dr-test-kokohazamar-backwards-compat-dr Deleting fork repo DR-MathWizz-jwumef for tenant dr-test-moshekipod-backwards-compat-dr STEP: Collecting Velero pod information @ 05/08/26 00:59:46.731 Velero pod: node-agent-9scmm | Phase: Running | Ready: true Velero pod: node-agent-w8swj | Phase: Running | Ready: true Velero pod: node-agent-w9pwf | Phase: Running | Ready: true Velero pod: velero-5498cfc4db-kkz4w | Phase: Running | Ready: true STEP: Collecting Backup CR status for tenant "dr-test-kokohazamar-backwards-compat-dr" @ 05/08/26 00:59:46.74 WARNING: could not get Backup CR "backup-kokohazamar-backwards-compat-dr": backups.velero.io "backup-kokohazamar-backwards-compat-dr" not found STEP: Collecting Restore CR status for tenant "dr-test-kokohazamar-backwards-compat-dr" @ 05/08/26 00:59:46.746 WARNING: could not get Restore CR "restore-backup-kokohazamar-backwards-compat-dr": restores.velero.io "restore-backup-kokohazamar-backwards-compat-dr" not found STEP: Collecting Backup CR status for tenant "dr-test-moshekipod-backwards-compat-dr" @ 05/08/26 00:59:46.751 WARNING: could not get Backup CR "backup-moshekipod-backwards-compat-dr": backups.velero.io "backup-moshekipod-backwards-compat-dr" not found STEP: Collecting Restore CR status for tenant "dr-test-moshekipod-backwards-compat-dr" @ 05/08/26 00:59:46.756 WARNING: could not get Restore CR "restore-backup-moshekipod-backwards-compat-dr": restores.velero.io "restore-backup-moshekipod-backwards-compat-dr" not found << Timeline [TIMEDOUT] A suite timeout occurred In [It] at: /tmp/tmp.72Gj3TWGe0/tests/disaster-recovery/dr_backwards_compat.go:74 @ 05/08/26 00:59:45.47 This is the Progress Report generated when the suite timeout occurred: [disaster-recovery DR Suite] DR Backwards-Compat when creating tenants on the old Konflux version should wait for all build PipelineRuns to succeed (Spec Runtime: 45m49.457s) /tmp/tmp.72Gj3TWGe0/tests/disaster-recovery/dr_backwards_compat.go:74 In [It] (Node Runtime: 45m49.457s) /tmp/tmp.72Gj3TWGe0/tests/disaster-recovery/dr_backwards_compat.go:74 At [By Step] Waiting for test PipelineRun for mathwizz-frontend in dr-test-kokohazamar-backwards-compat-dr (base: 0) (Step Runtime: 40m48.931s) /tmp/tmp.72Gj3TWGe0/tests/disaster-recovery/tenant_application_lifecycle.go:201 Spec Goroutine goroutine 780 [sync.WaitGroup.Wait, 47 minutes] sync.runtime_SemacquireWaitGroup(0xc00128eaa0?, 0x0?) /usr/lib/golang/src/runtime/sema.go:114 sync.(*WaitGroup).Wait(0xc001ad8920) /usr/lib/golang/src/sync/waitgroup.go:206 > github.com/konflux-ci/e2e-tests/tests/disaster-recovery.waitForPipelineChains(0xc00017aa80, {0xc00107ef00, 0x2, 0xc0004746a0?}, 0x0, 0x0) /tmp/tmp.72Gj3TWGe0/tests/disaster-recovery/tenant_application_lifecycle.go:208 | } | } > wg.Wait() | | // Release PipelineRuns run in the managed namespace and may not map 1:1 > github.com/konflux-ci/e2e-tests/tests/disaster-recovery.defineBackwardsCompatSpecs.func1.2.2() /tmp/tmp.72Gj3TWGe0/tests/disaster-recovery/dr_backwards_compat.go:75 | | It("should wait for all build PipelineRuns to succeed", func() { > waitForPipelineChains(fw, bcTenants, nil, nil) | }) | github.com/onsi/ginkgo/v2/internal.extractBodyFunction.func3({0xc001102d78?, 0xc000474782?}) /opt/app-root/src/go/pkg/mod/github.com/onsi/ginkgo/v2@v2.28.3/internal/node.go:585 github.com/onsi/ginkgo/v2/internal.(*Suite).runNode.func3() /opt/app-root/src/go/pkg/mod/github.com/onsi/ginkgo/v2@v2.28.3/internal/suite.go:946 github.com/onsi/ginkgo/v2/internal.(*Suite).runNode in goroutine 115 /opt/app-root/src/go/pkg/mod/github.com/onsi/ginkgo/v2@v2.28.3/internal/suite.go:911 Goroutines of Interest goroutine 782 [select] github.com/onsi/gomega/internal.(*AsyncAssertion).match(0xc0004ce5b0, {0x436e1b0, 0xc001099600}, 0x1, {0xc00187ebc0, 0x4, 0x4}) /opt/app-root/src/go/pkg/mod/github.com/onsi/gomega@v1.40.0/internal/async_assertion.go:558 github.com/onsi/gomega/internal.(*AsyncAssertion).Should(0xc0004ce5b0, {0x436e1b0, 0xc001099600}, {0xc00187ebc0, 0x4, 0x4}) /opt/app-root/src/go/pkg/mod/github.com/onsi/gomega@v1.40.0/internal/async_assertion.go:145 > github.com/konflux-ci/e2e-tests/tests/disaster-recovery.waitForSucceededPRCount(0xc00017aa80, {0x3c03bce, 0x27}, {0x3b820ef, 0x4}, {0x3bc5c2d, 0x17}, 0x1, 0x4e94914f000, 0x6fc23ac00) /tmp/tmp.72Gj3TWGe0/tests/disaster-recovery/tenant_application_lifecycle.go:137 | namespace, succeededCount, expectedCount, displayType) | return succeededCount > }, timeout, poll).Should(Equal(expectedCount), | "expected %d successful %s PipelineRuns in namespace %s", | expectedCount, displayType, namespace) > github.com/konflux-ci/e2e-tests/tests/disaster-recovery.waitForPipelineChains.func1({{0x3c03bce, 0x27}, {0x3c28868, 0x2f}, {0x3be3fed, 0x1f}, {0x3bffde0, 0x26}, {0xc00112aa38, 0x12}, ...}, ...) /tmp/tmp.72Gj3TWGe0/tests/disaster-recovery/tenant_application_lifecycle.go:203 | By(fmt.Sprintf("Waiting for test PipelineRun for %s in %s (base: %d)", | component.Name, tenant.Namespace, base.test)) > waitForSucceededPRCount(fw, tenant.Namespace, "test", component.Name, | base.test+1, PipelineTimeout, PipelinePoll) | }(t, comp) > github.com/konflux-ci/e2e-tests/tests/disaster-recovery.waitForPipelineChains in goroutine 780 /tmp/tmp.72Gj3TWGe0/tests/disaster-recovery/tenant_application_lifecycle.go:189 | for _, comp := range Components { | wg.Add(1) > go func(tenant Tenant, component ComponentDef) { | defer GinkgoRecover() | defer wg.Done() goroutine 784 [select] github.com/onsi/gomega/internal.(*AsyncAssertion).match(0xc00047dc70, {0x436e1b0, 0xc001098d60}, 0x1, {0xc00187f640, 0x4, 0x4}) /opt/app-root/src/go/pkg/mod/github.com/onsi/gomega@v1.40.0/internal/async_assertion.go:558 github.com/onsi/gomega/internal.(*AsyncAssertion).Should(0xc00047dc70, {0x436e1b0, 0xc001098d60}, {0xc00187f640, 0x4, 0x4}) /opt/app-root/src/go/pkg/mod/github.com/onsi/gomega@v1.40.0/internal/async_assertion.go:145 > github.com/konflux-ci/e2e-tests/tests/disaster-recovery.waitForSucceededPRCount(0xc00017aa80, {0x3bffe06, 0x26}, {0x3b820ef, 0x4}, {0x3bb72fb, 0x13}, 0x1, 0x4e94914f000, 0x6fc23ac00) /tmp/tmp.72Gj3TWGe0/tests/disaster-recovery/tenant_application_lifecycle.go:137 | namespace, succeededCount, expectedCount, displayType) | return succeededCount > }, timeout, poll).Should(Equal(expectedCount), | "expected %d successful %s PipelineRuns in namespace %s", | expectedCount, displayType, namespace) > github.com/konflux-ci/e2e-tests/tests/disaster-recovery.waitForPipelineChains.func1({{0x3bffe06, 0x26}, {0x3c237ca, 0x2e}, {0x3be095b, 0x1e}, {0x3bfc1e0, 0x25}, {0xc001bdc5b8, 0x12}, ...}, ...) /tmp/tmp.72Gj3TWGe0/tests/disaster-recovery/tenant_application_lifecycle.go:203 | By(fmt.Sprintf("Waiting for test PipelineRun for %s in %s (base: %d)", | component.Name, tenant.Namespace, base.test)) > waitForSucceededPRCount(fw, tenant.Namespace, "test", component.Name, | base.test+1, PipelineTimeout, PipelinePoll) | }(t, comp) > github.com/konflux-ci/e2e-tests/tests/disaster-recovery.waitForPipelineChains in goroutine 780 /tmp/tmp.72Gj3TWGe0/tests/disaster-recovery/tenant_application_lifecycle.go:189 | for _, comp := range Components { | wg.Add(1) > go func(tenant Tenant, component ComponentDef) { | defer GinkgoRecover() | defer wg.Done() goroutine 802 [select] github.com/onsi/gomega/internal.(*AsyncAssertion).match(0xc0005a6b60, {0x436e1b0, 0xc0008a19e0}, 0x1, {0xc000ff90c0, 0x4, 0x4}) /opt/app-root/src/go/pkg/mod/github.com/onsi/gomega@v1.40.0/internal/async_assertion.go:558 github.com/onsi/gomega/internal.(*AsyncAssertion).Should(0xc0005a6b60, {0x436e1b0, 0xc0008a19e0}, {0xc000ff90c0, 0x4, 0x4}) /opt/app-root/src/go/pkg/mod/github.com/onsi/gomega@v1.40.0/internal/async_assertion.go:145 > github.com/konflux-ci/e2e-tests/tests/disaster-recovery.waitForSucceededPRCount(0xc00017aa80, {0x3bffe06, 0x26}, {0x3b820ef, 0x4}, {0x3baf49b, 0x11}, 0x1, 0x4e94914f000, 0x6fc23ac00) /tmp/tmp.72Gj3TWGe0/tests/disaster-recovery/tenant_application_lifecycle.go:137 | namespace, succeededCount, expectedCount, displayType) | return succeededCount > }, timeout, poll).Should(Equal(expectedCount), | "expected %d successful %s PipelineRuns in namespace %s", | expectedCount, displayType, namespace) > github.com/konflux-ci/e2e-tests/tests/disaster-recovery.waitForPipelineChains.func1({{0x3bffe06, 0x26}, {0x3c237ca, 0x2e}, {0x3be095b, 0x1e}, {0x3bfc1e0, 0x25}, {0xc001bdc5b8, 0x12}, ...}, ...) /tmp/tmp.72Gj3TWGe0/tests/disaster-recovery/tenant_application_lifecycle.go:203 | By(fmt.Sprintf("Waiting for test PipelineRun for %s in %s (base: %d)", | component.Name, tenant.Namespace, base.test)) > waitForSucceededPRCount(fw, tenant.Namespace, "test", component.Name, | base.test+1, PipelineTimeout, PipelinePoll) | }(t, comp) > github.com/konflux-ci/e2e-tests/tests/disaster-recovery.waitForPipelineChains in goroutine 780 /tmp/tmp.72Gj3TWGe0/tests/disaster-recovery/tenant_application_lifecycle.go:189 | for _, comp := range Components { | wg.Add(1) > go func(tenant Tenant, component ComponentDef) { | defer GinkgoRecover() | defer wg.Done() goroutine 781 [select] github.com/onsi/gomega/internal.(*AsyncAssertion).match(0xc0003e5570, {0x436e1b0, 0xc000f2e4f0}, 0x1, {0xc0008abc00, 0x4, 0x4}) /opt/app-root/src/go/pkg/mod/github.com/onsi/gomega@v1.40.0/internal/async_assertion.go:558 github.com/onsi/gomega/internal.(*AsyncAssertion).Should(0xc0003e5570, {0x436e1b0, 0xc000f2e4f0}, {0xc0008abc00, 0x4, 0x4}) /opt/app-root/src/go/pkg/mod/github.com/onsi/gomega@v1.40.0/internal/async_assertion.go:145 > github.com/konflux-ci/e2e-tests/tests/disaster-recovery.waitForSucceededPRCount(0xc00017aa80, {0x3c03bce, 0x27}, {0x3b820ef, 0x4}, {0x3bb72fb, 0x13}, 0x1, 0x4e94914f000, 0x6fc23ac00) /tmp/tmp.72Gj3TWGe0/tests/disaster-recovery/tenant_application_lifecycle.go:137 | namespace, succeededCount, expectedCount, displayType) | return succeededCount > }, timeout, poll).Should(Equal(expectedCount), | "expected %d successful %s PipelineRuns in namespace %s", | expectedCount, displayType, namespace) > github.com/konflux-ci/e2e-tests/tests/disaster-recovery.waitForPipelineChains.func1({{0x3c03bce, 0x27}, {0x3c28868, 0x2f}, {0x3be3fed, 0x1f}, {0x3bffde0, 0x26}, {0xc00112aa38, 0x12}, ...}, ...) /tmp/tmp.72Gj3TWGe0/tests/disaster-recovery/tenant_application_lifecycle.go:203 | By(fmt.Sprintf("Waiting for test PipelineRun for %s in %s (base: %d)", | component.Name, tenant.Namespace, base.test)) > waitForSucceededPRCount(fw, tenant.Namespace, "test", component.Name, | base.test+1, PipelineTimeout, PipelinePoll) | }(t, comp) > github.com/konflux-ci/e2e-tests/tests/disaster-recovery.waitForPipelineChains in goroutine 780 /tmp/tmp.72Gj3TWGe0/tests/disaster-recovery/tenant_application_lifecycle.go:189 | for _, comp := range Components { | wg.Add(1) > go func(tenant Tenant, component ComponentDef) { | defer GinkgoRecover() | defer wg.Done() goroutine 801 [select] github.com/onsi/gomega/internal.(*AsyncAssertion).match(0xc0003d77a0, {0x436e1b0, 0xc0008a04f0}, 0x1, {0xc000ff8880, 0x4, 0x4}) /opt/app-root/src/go/pkg/mod/github.com/onsi/gomega@v1.40.0/internal/async_assertion.go:558 github.com/onsi/gomega/internal.(*AsyncAssertion).Should(0xc0003d77a0, {0x436e1b0, 0xc0008a04f0}, {0xc000ff8880, 0x4, 0x4}) /opt/app-root/src/go/pkg/mod/github.com/onsi/gomega@v1.40.0/internal/async_assertion.go:145 > github.com/konflux-ci/e2e-tests/tests/disaster-recovery.waitForSucceededPRCount(0xc00017aa80, {0x3bffe06, 0x26}, {0x3b820ef, 0x4}, {0x3bc5c2d, 0x17}, 0x1, 0x4e94914f000, 0x6fc23ac00) /tmp/tmp.72Gj3TWGe0/tests/disaster-recovery/tenant_application_lifecycle.go:137 | namespace, succeededCount, expectedCount, displayType) | return succeededCount > }, timeout, poll).Should(Equal(expectedCount), | "expected %d successful %s PipelineRuns in namespace %s", | expectedCount, displayType, namespace) > github.com/konflux-ci/e2e-tests/tests/disaster-recovery.waitForPipelineChains.func1({{0x3bffe06, 0x26}, {0x3c237ca, 0x2e}, {0x3be095b, 0x1e}, {0x3bfc1e0, 0x25}, {0xc001bdc5b8, 0x12}, ...}, ...) /tmp/tmp.72Gj3TWGe0/tests/disaster-recovery/tenant_application_lifecycle.go:203 | By(fmt.Sprintf("Waiting for test PipelineRun for %s in %s (base: %d)", | component.Name, tenant.Namespace, base.test)) > waitForSucceededPRCount(fw, tenant.Namespace, "test", component.Name, | base.test+1, PipelineTimeout, PipelinePoll) | }(t, comp) > github.com/konflux-ci/e2e-tests/tests/disaster-recovery.waitForPipelineChains in goroutine 780 /tmp/tmp.72Gj3TWGe0/tests/disaster-recovery/tenant_application_lifecycle.go:189 | for _, comp := range Components { | wg.Add(1) > go func(tenant Tenant, component ComponentDef) { | defer GinkgoRecover() | defer wg.Done() goroutine 783 [select] github.com/onsi/gomega/internal.(*AsyncAssertion).match(0xc0005a7260, {0x436e1b0, 0xc001060960}, 0x1, {0xc000ff9f40, 0x4, 0x4}) /opt/app-root/src/go/pkg/mod/github.com/onsi/gomega@v1.40.0/internal/async_assertion.go:558 github.com/onsi/gomega/internal.(*AsyncAssertion).Should(0xc0005a7260, {0x436e1b0, 0xc001060960}, {0xc000ff9f40, 0x4, 0x4}) /opt/app-root/src/go/pkg/mod/github.com/onsi/gomega@v1.40.0/internal/async_assertion.go:145 > github.com/konflux-ci/e2e-tests/tests/disaster-recovery.waitForSucceededPRCount(0xc00017aa80, {0x3c03bce, 0x27}, {0x3b820ef, 0x4}, {0x3baf49b, 0x11}, 0x1, 0x4e94914f000, 0x6fc23ac00) /tmp/tmp.72Gj3TWGe0/tests/disaster-recovery/tenant_application_lifecycle.go:137 | namespace, succeededCount, expectedCount, displayType) | return succeededCount > }, timeout, poll).Should(Equal(expectedCount), | "expected %d successful %s PipelineRuns in namespace %s", | expectedCount, displayType, namespace) > github.com/konflux-ci/e2e-tests/tests/disaster-recovery.waitForPipelineChains.func1({{0x3c03bce, 0x27}, {0x3c28868, 0x2f}, {0x3be3fed, 0x1f}, {0x3bffde0, 0x26}, {0xc00112aa38, 0x12}, ...}, ...) /tmp/tmp.72Gj3TWGe0/tests/disaster-recovery/tenant_application_lifecycle.go:203 | By(fmt.Sprintf("Waiting for test PipelineRun for %s in %s (base: %d)", | component.Name, tenant.Namespace, base.test)) > waitForSucceededPRCount(fw, tenant.Namespace, "test", component.Name, | base.test+1, PipelineTimeout, PipelinePoll) | }(t, comp) > github.com/konflux-ci/e2e-tests/tests/disaster-recovery.waitForPipelineChains in goroutine 780 /tmp/tmp.72Gj3TWGe0/tests/disaster-recovery/tenant_application_lifecycle.go:189 | for _, comp := range Components { | wg.Add(1) > go func(tenant Tenant, component ComponentDef) { | defer GinkgoRecover() | defer wg.Done() ------------------------------ SSSSSSSSSSSSSSSSSSS Summarizing 7 Failures: [FAIL] [build-service-suite Build service E2E tests] test git provider fj PaC component build when a new component without specified branch is created and with visibility private [It] correctly targets the default branch (that is not named 'main') with PaC [build-service, github-webhook, pac-build, pipeline, image-controller, forgejo, pac-custom-default-branch] /tmp/tmp.72Gj3TWGe0/tests/build/pac_build.go:150 [FAIL] [integration-service-suite Status Reporting of Integration tests] with status reporting of Integration tests in CheckRuns when a new Component with specified custom branch is created [It] should lead to build PipelineRun finishing successfully [integration-service, github-status-reporting, custom-branch] /tmp/tmp.72Gj3TWGe0/tests/integration-service/status-reporting-to-pullrequest.go:146 [FAIL] [integration-service-suite Gitlab Status Reporting of Integration tests] Gitlab with status reporting of Integration tests in the assosiated merge request when a new Component with specified custom branch is created [It] should lead to build PipelineRun finishing successfully [integration-service, gitlab-status-reporting, custom-branch] /tmp/tmp.72Gj3TWGe0/tests/integration-service/gitlab-integration-reporting.go:150 [PANICKED!] [upgrade-suite Create users and check their state] [It] Verify AppStudioProvisionedUser [upgrade-verify] /opt/app-root/src/go/pkg/mod/k8s.io/apimachinery@v0.34.2/pkg/util/runtime/runtime.go:114 [FAIL] [build-service-suite Build service E2E tests] test git provider fj component update with renovate when components are created in same namespace [It] triggers a PipelineRun for parent component [build-service, renovate, multi-component, forgejo] /tmp/tmp.72Gj3TWGe0/tests/build/renovate.go:272 [FAIL] [build-service-suite Build service E2E tests] test git provider gh component update with renovate when components are created in same namespace [It] should lead to a nudge PR creation for child component [build-service, renovate, multi-component, github] /tmp/tmp.72Gj3TWGe0/tests/build/renovate.go:427 [TIMEDOUT] [disaster-recovery DR Suite] DR Backwards-Compat when creating tenants on the old Konflux version [It] should wait for all build PipelineRuns to succeed [disaster-recovery, Serial] /tmp/tmp.72Gj3TWGe0/tests/disaster-recovery/dr_backwards_compat.go:74 Ran 267 of 469 Specs in 5265.811 seconds FAIL! - Suite Timeout Elapsed -- 260 Passed | 7 Failed | 88 Pending | 114 Skipped Ginkgo ran 1 suite in 1h30m3.536438511s Test Suite Failed Error: running "ginkgo --seed=1778195330 --timeout=1h30m0s --grace-period=30s --output-interceptor-mode=none --no-color --json-report=e2e-report.json --junit-report=e2e-report.xml --procs=20 --nodes=20 --p --output-dir=/workspace/artifact-dir ./cmd --" failed with exit code 1 make: *** [Makefile:25: ci/test/e2e] Error 1